CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2008-3864
https://notcve.org/view.php?id=CVE-2008-3864
21 Jan 2009 — The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. La función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se us... • http://secunia.com/advisories/31160 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 29%CPEs: 3EXPL: 0CVE-2008-3865
https://notcve.org/view.php?id=CVE-2008-3865
21 Jan 2009 — Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. Múltiples desbordamientos de búfer basados en montículo en la función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) ... • http://secunia.com/advisories/31160 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3866
https://notcve.org/view.php?id=CVE-2008-3866
21 Jan 2009 — The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. El servicio Trend Micro Personal Firewall (también conocido como TmPfw.exe)... • http://secunia.com/advisories/31160 • CWE-287: Improper Authentication •