CVE-2010-0564
https://notcve.org/view.php?id=CVE-2010-0564
Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors. NOTE: it is likely that this issue also affects tmufeng.dll before 2.0.0.1049 for OfficeScan 10.0.
• http://secunia.com/advisories/38396
• http://www.securityfocus.com/bid/38083
• http://www.securitytracker.com/id?1023553
• http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch_5_en_readme.txt
• http://www.trendmicro.com/ftp/documentation/readme/readme_1224.txt
• http://www.vupen.com/english/advisories/2010/0295
• https://exchange.xforce.ibmcloud.com/vulnerabilities/56097
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2437
https://notcve.org/view.php?id=CVE-2008-2437
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.
• http://secunia.com/advisories/31342
• http://secunia.com/secunia_research/2008-35
• http://securityreason.com/securityalert/4263
• http://www.securityfocus.com/archive/1/496281/100/0/threaded
• http://www.securityfocus.com/bid/31139
• http://www.securitytracker.com/id?1020860
• http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt
• http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_Win_EN_CriticalPatch_B1367_readme.txt
• http://www.t
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2433
https://notcve.org/view.php?id=CVE-2008-2433
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."
• http://secunia.com/advisories/31373
• http://secunia.com/secunia_research/2008-31/advisory
• http://securityreason.com/securityalert/4191
• http://www.securityfocus.com/archive/1/495670/100/0/threaded
• http://www.securityfocus.com/bid/30792
• http://www.securitytracker.com/id?1020732
• http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2402_readme.txt
• http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5%200_EN_CriticalPatch1404.txt
• http://www.vupen.com
• CWE-330: Use of Insufficiently Random Values
CVE-2007-0851
https://notcve.org/view.php?id=CVE-2007-0851
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
• http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289
• http://jvn.jp/jp/JVN%2377366274/index.html
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470
• http://osvdb.org/33038
• http://secunia.com/advisories/24087
• http://secunia.com/advisories/24128
• http://securitytracker.com/id?1017601
• http://securitytracker.com/id?1017602
• http://securitytracker.com/id?
CVE-2006-5212
https://notcve.org/view.php?id=CVE-2006-5212
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.
• http://secunia.com/advisories/22156
• http://www.securityfocus.com/bid/20330
• http://www.trendmicro.com/download/product.asp?productid=5
• http://www.trendmicro.com/ftp/documentation/readme/csm_2.0_osce_6.0_win_en_securitypatch_1385_readme.txt
• http://www.trendmicro.com/ftp/documentation/readme/osce_6.5_win_en_securitypatch_1418_readme.txt
• http://www.trendmicro.com/ftp/documentation/readme/osce_7.3_win_en_securitypatch_1053_readme.txt
• http://www.trendmicro.com/ftp/documentation/readme/osce_70&