Vulnerabilities > Trend Micro

DATE CVE VULNERABILITY TITLE RISK
2007-09-12 CVE-2007-4731 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect
Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005.
network
low complexity
trend-micro CWE-119
critical
10.0
2007-08-22 CVE-2007-4490 Denial-Of-Service vulnerability in Trend Micro Serverprotect 5.58
Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1) RPCFN_EVENTBACK_DoHotFix or (2) CMD_CHANGE_AGENT_REGISTER_INFO.
network
low complexity
trend-micro
critical
10.0
2007-08-22 CVE-2007-4219 Numeric Errors vulnerability in Trend Micro Serverprotect 5.58
Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.
network
low complexity
trend-micro CWE-189
critical
10.0
2007-08-22 CVE-2007-4218 Improper Input Validation vulnerability in Trend Micro Serverprotect 5.58
Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.
network
low complexity
trend-micro CWE-20
critical
10.0
2007-08-22 CVE-2007-3873 Local Stack Buffer Overflow vulnerability in Trend Micro Antispyware and Pc-Cillin Internet Security 2007
Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.
local
trend-micro
6.9
2007-06-27 CVE-2007-3455 Permissions, Privileges, and Access Controls vulnerability in Trend Micro Officescan 8.0
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."
network
low complexity
trend-micro CWE-264
critical
10.0
2007-06-27 CVE-2007-3454 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Officescan 7.3/8.0
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.
network
low complexity
trend-micro CWE-119
critical
10.0
2007-05-09 CVE-2007-2533 Remote Security vulnerability in Trend Micro Serverprotect 5.58
Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll.
network
low complexity
trend-micro
critical
10.0
2007-05-08 CVE-2007-2528 Remote Security vulnerability in Trend Micro Serverprotect 5.58
Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests.
network
low complexity
trend-micro
critical
10.0
2007-05-08 CVE-2007-2508 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe.
network
low complexity
trend-micro CWE-119
critical
10.0