CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4277
https://notcve.org/view.php?id=CVE-2007-4277
30 Oct 2007 — The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403. La ingenieria de búsqueda de Trend Micro AntiVirus anterior a 8.550-10... • http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2007-3873
https://notcve.org/view.php?id=CVE-2007-3873
22 Aug 2007 — Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification. Desbordamiento de búfer basado en pila en vstlib32.dll 1.2.0.1012... • http://esupport.trendmicro.com/support/consumer/search.do?cmd=displayKC&externalId=PUB-en-1035845 •
CVSS: 9.8EPSS: 31%CPEs: 118EXPL: 0CVE-2007-0851
https://notcve.org/view.php?id=CVE-2007-0851
08 Feb 2007 — Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecuta... • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2007-0856
https://notcve.org/view.php?id=CVE-2007-0856
08 Feb 2007 — TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access p... • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034432&id=EN-1034432 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-6458
https://notcve.org/view.php?id=CVE-2006-6458
11 Dec 2006 — The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop. El motor de escaneo de Trend Micro anterior a 8.320 para Windows y anterior a 8.150 en HP-U... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439 •