Page 8 of 42 results (0.010 seconds)

CVSS: 10.0EPSS: 95%CPEs: 10EXPL: 2

Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll. Múltiples desbordamientos de búfer basado en pila en Trend Micro ServerProtect para Windows y EMC 5.58, y para Network Appliance Filer 5.61 y 5.62, permite a atacantes remotos ejecutar código de su elección a través respuestas RPC manipuladas en TmRpcSrv.dll que disparan un desbordamiento de búfer cuando se llama a las funciones (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, y (3) CMON_ActiveRollbackn en (a) StCommon.dll, y (4) ENG_SetRealTimeScanConfigInfo y (5) las funciones ENG_SendEMail en (b) eng50.dll. • https://www.exploit-db.com/exploits/4367 https://www.exploit-db.com/exploits/16827 http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290 http://osvdb.org/33042 http://secunia.com/advisories/24243 http://www.kb.cert.org/vuls/id/349393 http://www.kb.cert.org/vuls/id/466609 http://www.kb.cert.org/vuls/id/630025 http://www.kb.cert.org/vuls/id/730433 http://www.securityfocus.com/archive/1/460686/100/0/threaded http://www.securityfocus. •

CVSS: 9.3EPSS: 39%CPEs: 118EXPL: 0

Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecutar código arbitrario por medio de un ejecutable comprimido UPX malformado. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 http://jvn.jp/jp/JVN%2377366274/index.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470 http://osvdb.org/33038 http://secunia.com/advisories/24087 http://secunia.com/advisories/24128 http://securitytracker.com/id?1017601 http://securitytracker.com/id?1017602 http://securitytracker.com/id? •

CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0

The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop. El motor de escaneo de Trend Micro anterior a 8.320 para Windows y anterior a 8.150 en HP-UX y AIX, utilizado en Trend Micro PC Cillin - internet Security 2006, Office Scan 7.3, y Server Protect 5.58, permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU y cuelgue de aplicación) mediante un archivo RAR mal formado con una sección Cabecera de Archivo con lo campos head_size (tamaño de cabecera) y pack_size (tamaño de paquete) puestos a cero, lo cual dispara un bucle infinito. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439 http://secunia.com/advisories/23321 http://www.securityfocus.com/bid/21509 http://www.vupen.com/english/advisories/2006/4918 •

CVSS: 5.1EPSS: 0%CPEs: 3EXPL: 0

Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE. • http://www.packetstormsecurity.org/0602-advisories/Bypass.pdf http://www.packetstormsecurity.org/filedesc/Bypass.pdf.html http://www.securityfocus.com/archive/1/423896/100/0/threaded http://www.securityfocus.com/archive/1/423913/100/0/threaded http://www.securityfocus.com/archive/1/423914/100/0/threaded http://www.securityfocus.com/archive/1/424172/100/0/threaded http://www.securityfocus.com/archive/1/424598/100/0/threaded http://www.securityfocus.com/bid/16483 https://exchange •

CVSS: 7.5EPSS: 64%CPEs: 1EXPL: 0

Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039972.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/039978.html http://secunia.com/advisories/18038 http://securityreason.com/securityalert/256 http://securityreason.com/securityalert/257 http://securitytracker.com/id?1015358 http://www.idefense.com/application/poi/display?id=353&type=vulnerabilities http://www.osvdb.org/21771 http://www.osvdb.org/21772 http://www.securityfocus.com/bid/15865 http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •