Vulnerabilities > Trend Micro > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-30 | CVE-2016-5840 | Improper Input Validation vulnerability in Trend Micro Deep Discovery Inspector 3.7/3.81/3.82 hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header. | 9.0 |
| 2011-12-25 | CVE-2011-5001 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Control Manager Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101. | 10.0 |
| 2009-01-21 | CVE-2008-3865 | Buffer Errors vulnerability in Trend Micro products Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. | 10.0 |
| 2008-12-23 | CVE-2008-2435 | Resource Management Errors vulnerability in Trend Micro Housecall 6.51.0.1028/6.6.0.1278 Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function. | 9.3 |
| 2008-12-23 | CVE-2008-2434 | Code Injection vulnerability in Trend Micro Housecall 6.51.0.1028/6.6/6.6.0.1278 The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. | 9.3 |
| 2008-12-12 | CVE-2008-5545 | Improper Input Validation vulnerability in Trend Micro Trend Micro Antivirus 8.700.0.1004 Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
| 2008-11-17 | CVE-2008-0014 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect 5.58/5.7 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013. | 10.0 |
| 2008-11-17 | CVE-2008-0013 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect 5.58/5.7 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014. | 10.0 |
| 2008-11-17 | CVE-2008-0012 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect 5.58/5.7 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014. | 10.0 |
| 2008-11-17 | CVE-2007-0074 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect 5.58/5.7 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC. | 10.0 |