9 results (0.014 seconds)

CVSS: 9.3EPSS: 39%CPEs: 118EXPL: 0

Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecutar código arbitrario por medio de un ejecutable comprimido UPX malformado. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 http://jvn.jp/jp/JVN%2377366274/index.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470 http://osvdb.org/33038 http://secunia.com/advisories/24087 http://secunia.com/advisories/24128 http://securitytracker.com/id?1017601 http://securitytracker.com/id?1017602 http://securitytracker.com/id? •

CVSS: 7.5EPSS: 21%CPEs: 78EXPL: 0

Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. • http://secunia.com/advisories/14396 http://securitytracker.com/id?1013289 http://securitytracker.com/id?1013290 http://www.securityfocus.com/bid/12643 http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution http://xforce.iss.net/xforce/alerts/id/189 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding. • http://www.iss.net/security_center/static/10106.php http://www.securityfocus.com/archive/1/291538 http://www.securityfocus.com/bid/5697 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type. motores de filtrado de contenido SMTP, incluyendo GFI MailSecurity para Exchange/SMTP anteriores a 7.2 InterScan VirusWall anteriores a 3.52 compilación 1494 la configuración por defecto de MIMEDefang anteriores a 2.21 y posiblemente otros productos, no detectan correos electrónicos fragmentados como se define en la RFC2046 ("Fragmentación y ensamblaje de Mensajes"), y soportado en productos como Outlook Express, lo que permite a atacantes remotos evitar el filtrado de contenido, incluyendo la comprobación de virus, mediante correos fragmentados con el tipo de contenido message/partial. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html http://marc.info/?l=bugtraq&m=103184267105132&w=2 http://marc.info/?l=bugtraq&m=103184501408453&w=2 http://www.iss.net/security_center/static/10088.php http://www.kb.cert.org/vuls/id/836088 http://www.securiteam.com/securitynews/5YP0A0K8CM.html http://www.securityfocus.com/bid& •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients. • https://www.exploit-db.com/exploits/21339 http://seclists.org/lists/bugtraq/2002/Mar/0162.html http://www.inside-security.de/vwall_cl0.html http://www.iss.net/security_center/static/8425.php http://www.securityfocus.com/bid/4265 •