Vulnerabilities > Trend Micro

DATE | CVE | VULNERABILITY TITLE | RISK

2008-10-03 | CVE-2008-4403 | Resource Management Errors vulnerability in Trend Micro OfficeScan 8.0
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."
Risk: network, low complexity, trend-micro, CWE-399, 5.0

2008-10-03 | CVE-2008-4402 | Buffer Errors vulnerability in Trend Micro OfficeScan 8.0
Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.
Risk: network, low complexity, trend-micro, CWE-119, critical, 10.0

2008-10-03 | CVE-2008-2439 | Path Traversal vulnerability in Trend Micro OfficeScan and Worry Free Business Security
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request.
Risk: network, low complexity, trend-micro, CWE-22, 5.0

2008-09-16 | CVE-2008-2437 | Buffer Errors vulnerability in Trend Micro Client-Server-Messaging Security and OfficeScan
Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.
Risk: network, low complexity, trend-micro, CWE-119, critical, 10.0

2008-07-30 | CVE-2008-3364 | Buffer Errors vulnerability in Trend Micro OfficeScan 7.3
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties.
Risk: network, trend-micro, CWE-119, critical, 9.3

2008-03-17 | CVE-2008-1366 | Improper Input Validation vulnerability in Trend Micro OfficeScan Corporate Edition
Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to cause a denial of service (process consumption) via (1) an HTTP request without a Content-Length header or (2) invalid characters in unspecified CGI arguments, which triggers a NULL pointer dereference.
Risk: network, low complexity, trend-micro, CWE-20, 5.0

2008-03-17 | CVE-2008-1365 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Trend Micro OfficeScan Corporate Edition
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.
Risk: network, low complexity, trend-micro, CWE-119, 6.4

2007-12-20 | CVE-2007-6507 | Permissions, Privileges, and Access Controls vulnerability in Trend Micro ServerProtect 5.58 Security Patch 3
SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.
Risk: network, low complexity, trend-micro, CWE-264, critical, 10.0

2007-12-15 | CVE-2007-6386 | Buffer Errors vulnerability in Trend Micro products
Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file.
Risk: local, low complexity, trend-micro, CWE-119, 7.2

2007-10-30 | CVE-2007-4277 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Trend Micro PC-Cillin Internet Security 2007 and Scan Engine
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality.
Risk: local, low complexity, trend-micro, CWE-119, 6.6