Trend Micro OfficeScan / Trend Micro Internet Security multiple security vulnerabilities
Published:		20.01.2009
Source:		BUGTRAQ
SecurityVulns ID:		9607
Type:		local
Level:		5/10
Description:		Firewall settings manipulations, DoS.

Affected:		TM : OfficeScan 8.0
		TM : Trend Micro Internet Security 2007
		TM : Trend Micro Internet Security 2008
CVE:		CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.)
		CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.)
		CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.)

Original document		SECUNIA, [Full-disclosure] Secunia Research: Trend Micro NSC Firewall Configuration Vulnerability (20.01.2009)
		SECUNIA, [Full-disclosure] Secunia Research: Trend Micro Network Security Component Vulnerabilities (20.01.2009)

Discuss:

Read or add your comments to this news (0 comments)