Computer Security
[EN] securityvulns.ru no-pyccku


Trend Micro OfficeScan / Trend Micro Internet Security multiple security vulnerabilities
Published:20.01.2009
Source:
SecurityVulns ID:9607
Type:local
Threat Level:
5/10
Description:Firewall settings manipulations, DoS.
Affected:TM : OfficeScan 8.0
 TM : Trend Micro Internet Security 2007
 TM : Trend Micro Internet Security 2008
CVE:CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.)
 CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.)
 CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.)
Original documentdocumentSECUNIA, [Full-disclosure] Secunia Research: Trend Micro NSC Firewall Configuration Vulnerability (20.01.2009)
 documentSECUNIA, [Full-disclosure] Secunia Research: Trend Micro Network Security Component Vulnerabilities (20.01.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod