CVE-2008-3866
https://notcve.org/view.php?id=CVE-2008-3866
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. El servicio Trend Micro Personal Firewall (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC, utilizado en Trend Micro OfficeScan 8.0 SP1 parche 1 e Internet Security 2007 y 2008 v17.0.1224, se basa en la protección de la contraseña del lado del cliente implementada en la configuración GUI, lo que permite a usuarios locales evitar las restricciones de de acceso previstas y cambiar las configuraciones del cortafuegos utilizando un cliente modificado que envía paquetes manipulados. • http://secunia.com/advisories/31160 http://secunia.com/advisories/33609 http://secunia.com/secunia_research/2008-43 http://www.securityfocus.com/bid/33358 http://www.securitytracker.com/id?1021616 http://www.securitytracker.com/id?1021617 http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt http://www.vupen.com/english/advisories/2009/0191 https://exchange.xforce.ibmcloud.com/vulnerabilities/48108 • CWE-287: Improper Authentication •
CVE-2008-3865
https://notcve.org/view.php?id=CVE-2008-3865
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. Múltiples desbordamientos de búfer basados en montículo en la función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos ejecutar código de su elección mediante un paquete con un valor pequeño en un campo de tamaño no especificado. • http://secunia.com/advisories/31160 http://secunia.com/advisories/33609 http://secunia.com/secunia_research/2008-42 http://securityreason.com/securityalert/4937 http://www.securityfocus.com/archive/1/500195/100/0/threaded http://www.securityfocus.com/bid/33358 http://www.securitytracker.com/id?1021614 http://www.securitytracker.com/id?1021615 http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt http://www.vupen.com/english/advisories/2009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3864
https://notcve.org/view.php?id=CVE-2008-3864
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. La función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos provocar una denegación de sevicio (caída de aplicación) mediante un paquete con un valor grande en un campo de tamaño no especificado. • http://secunia.com/advisories/31160 http://secunia.com/advisories/33609 http://secunia.com/secunia_research/2008-42 http://securityreason.com/securityalert/4937 http://www.securityfocus.com/archive/1/500195/100/0/threaded http://www.securityfocus.com/bid/33358 http://www.securitytracker.com/id?1021614 http://www.securitytracker.com/id?1021615 http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt http://www.vupen.com/english/advisories/2009 • CWE-20: Improper Input Validation •