Vulnerabilities > Trendmicro

DATE CVE VULNERABILITY TITLE RISK
2010-02-10 CVE-2010-0564 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trendmicro Officescan
Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors.
network
low complexity
trendmicro CWE-119
5.0
2009-04-27 CVE-2009-1435 Resource Management Errors vulnerability in Trendmicro Officescan 8.0
NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames.
local
low complexity
trendmicro CWE-399
2.1
2009-04-01 CVE-2009-0686 Resource Management Errors vulnerability in Trendmicro Internet Security 2008/2009
The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.
local
low complexity
trendmicro CWE-399
7.2
2009-02-17 CVE-2009-0613 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Suite 3.1
Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages.
6.0
2009-02-17 CVE-2009-0612 Information Exposure vulnerability in Trendmicro products
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header.
4.3
2008-08-27 CVE-2008-2433 Use of Insufficiently Random Values vulnerability in Trendmicro products
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks.
network
low complexity
trendmicro CWE-330
critical
9.8