Vulnerabilities > Trend Micro > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-14 | CVE-2005-3360 | Products Local Insecure Permissions vulnerability in Trend Micro Pc-Cillin 2005 12.00Build1244 The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (disabled service) and gain system privileges by modifying or moving critical program files. | 7.2 |
| 2005-05-02 | CVE-2005-0533 | Heap Overflow vulnerability in Trend Micro VSAPI ARJ Handling Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. | 7.5 |
| 2005-05-02 | CVE-2005-0383 | Remote Security vulnerability in Trend Micro Control Manager 3.0Enterprise Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of the encrypted username and password. | 7.5 |
| 2004-12-31 | CVE-2004-2430 | Local Privilege Escalation vulnerability in Trend Micro OfficeScan Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges. | 7.2 |
| 2003-12-31 | CVE-2003-1343 | Improper Authentication vulnerability in Trend Micro Scanmail Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | 7.5 |
| 2003-12-31 | CVE-2003-1341 | Configuration vulnerability in Trend Micro Officescan and Virus Buster The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe. | 7.5 |
| 2003-08-27 | CVE-2003-0646 | Unspecified vulnerability in Trend Micro Damage Cleanup Server and Housecall Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings. | 7.5 |
| 2002-09-24 | CVE-2002-1121 | SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type. | 7.5 |
| 2002-07-26 | CVE-2002-0440 | Unspecified vulnerability in Trend Micro Interscan Viruswall 3.51/3.6 Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP clients. | 7.5 |
| 2002-07-11 | CVE-2002-0637 | Unspecified vulnerability in Trend Micro Interscan Viruswall 3.52 InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express. | 7.5 |