CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2008-3864
https://notcve.org/view.php?id=CVE-2008-3864
21 Jan 2009 — The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. La función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se us... • http://secunia.com/advisories/31160 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 29%CPEs: 3EXPL: 0CVE-2008-3865
https://notcve.org/view.php?id=CVE-2008-3865
21 Jan 2009 — Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. Múltiples desbordamientos de búfer basados en montículo en la función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) ... • http://secunia.com/advisories/31160 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3866
https://notcve.org/view.php?id=CVE-2008-3866
21 Jan 2009 — The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. El servicio Trend Micro Personal Firewall (también conocido como TmPfw.exe)... • http://secunia.com/advisories/31160 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4277
https://notcve.org/view.php?id=CVE-2007-4277
30 Oct 2007 — The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403. La ingenieria de búsqueda de Trend Micro AntiVirus anterior a 8.550-10... • http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2007-3873
https://notcve.org/view.php?id=CVE-2007-3873
22 Aug 2007 — Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification. Desbordamiento de búfer basado en pila en vstlib32.dll 1.2.0.1012... • http://esupport.trendmicro.com/support/consumer/search.do?cmd=displayKC&externalId=PUB-en-1035845 •