CVE-2008-3865
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
Múltiples desbordamientos de búfer basados en montículo en la función ApiThread en el servicio de cortafuegos (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC), del modo que se usan en Trend Micro OfficeScan 8.0 SP1 Patch 1 e Internet Security 2007 y 2008 17.0.1224, permite a atacantes remotos ejecutar código de su elección mediante un paquete con un valor pequeño en un campo de tamaño no especificado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-08-29 CVE Reserved
- 2009-01-21 CVE Published
- 2023-07-22 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/4937 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/500195/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1021614 | Vdb Entry | |
| http://www.securitytracker.com/id?1021615 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/0191 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48107 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/33358 | 2018-10-11 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/31160 | 2018-10-11 | |
| http://secunia.com/advisories/33609 | 2018-10-11 | |
| http://secunia.com/secunia_research/2008-42 | 2018-10-11 | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trend Micro Search vendor "Trend Micro" | Internet Security 2007 Search vendor "Trend Micro" for product "Internet Security 2007" | * | - |
Affected
| ||||||
| Trend Micro Search vendor "Trend Micro" | Internet Security 2008 Search vendor "Trend Micro" for product "Internet Security 2008" | 17.0.1224 Search vendor "Trend Micro" for product "Internet Security 2008" and version "17.0.1224" | - |
Affected
| ||||||
| Trend Micro Search vendor "Trend Micro" | Officescan Search vendor "Trend Micro" for product "Officescan" | 8.0 Search vendor "Trend Micro" for product "Officescan" and version "8.0" | sp1 |
Affected
| ||||||