CVE-2008-3866
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.
El servicio Trend Micro Personal Firewall (también conocido como TmPfw.exe) en los módulos Trend Micro Network Security Component (NSC, utilizado en Trend Micro OfficeScan 8.0 SP1 parche 1 e Internet Security 2007 y 2008 v17.0.1224, se basa en la protección de la contraseña del lado del cliente implementada en la configuración GUI, lo que permite a usuarios locales evitar las restricciones de de acceso previstas y cambiar las configuraciones del cortafuegos utilizando un cliente modificado que envía paquetes manipulados.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-08-29 CVE Reserved
- 2009-01-21 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id?1021616 | Vdb Entry | |
| http://www.securitytracker.com/id?1021617 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/0191 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48108 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/31160 | 2017-08-08 | |
| http://secunia.com/advisories/33609 | 2017-08-08 | |
| http://www.securityfocus.com/bid/33358 | 2017-08-08 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/secunia_research/2008-43 | 2017-08-08 | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trend Micro Search vendor "Trend Micro" | Internet Security 2007 Search vendor "Trend Micro" for product "Internet Security 2007" | * | - |
Affected
| ||||||
| Trend Micro Search vendor "Trend Micro" | Internet Security 2008 Search vendor "Trend Micro" for product "Internet Security 2008" | 17.0.1224 Search vendor "Trend Micro" for product "Internet Security 2008" and version "17.0.1224" | - |
Affected
| ||||||
| Trend Micro Search vendor "Trend Micro" | Officescan Search vendor "Trend Micro" for product "Officescan" | 8.0 Search vendor "Trend Micro" for product "Officescan" and version "8.0" | sp1 |
Affected
| ||||||