3 results (0.023 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack. Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 anterior a Hot Fix Build 3318 y 11.0 anterior a Hot Fix Build 4180 crea identificadores de sesión para la consola web utilizando un generador de números aleatorios con valores previsibles, lo que facilita a atacantes remotos evadir la autenticación a través de un ataque de fuerza bruta. • http://blog.malerisch.net/2016/05/trendmicro-smex-session-predictable-cve-2015-3326.html http://esupport.trendmicro.com/solution/en-US/1109669.aspx http://www.securityfocus.com/bid/74661 http://www.securitytracker.com/id/1032323 •

CVSS: 9.3EPSS: 39%CPEs: 118EXPL: 0

Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. Un desbordamiento de búfer en Trend Micro Scan Engine versiones 8.000 y 8.300 anteriores al archivo de patrones de virus versión 4.245.00, tal y como es usado en otros productos como Cyber Clean Center (CCC) Cleaner, permite a atacantes remotos ejecutar código arbitrario por medio de un ejecutable comprimido UPX malformado. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034289 http://jvn.jp/jp/JVN%2377366274/index.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=470 http://osvdb.org/33038 http://secunia.com/advisories/24087 http://secunia.com/advisories/24128 http://securitytracker.com/id?1017601 http://securitytracker.com/id?1017602 http://securitytracker.com/id? •

CVSS: 7.5EPSS: 21%CPEs: 78EXPL: 0

Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. • http://secunia.com/advisories/14396 http://securitytracker.com/id?1013289 http://securitytracker.com/id?1013290 http://www.securityfocus.com/bid/12643 http://www.trendmicro.com/vinfo/secadvisories/default6.asp?VName=Vulnerability+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution http://xforce.iss.net/xforce/alerts/id/189 •