EUVD-2008-3850

Malware in sbrugna...

Trend Micro产品网络安全组件模块多个安全漏洞

BUGTRAQ ID: 33358 CVECAN ID: CVE-2008-3864,CVE-2008-3865,CVE-2008-3866 Trend Micro病毒扫描引擎为桌面、服务器和网关提供杀毒功能。 各种Trend Micro产品所捆绑的网络安全组件（NSC）模块中存在多个漏洞，允许本地用户导致拒绝服务、获得权限提升或控制防火墙设置。 1 防火墙服务（TmPfw.exe）的ApiThread函数在处理发送给该服务（默认40000/TCP端口）的报文时存在堆溢出漏洞，在大小字段中包含有较小值的报文可以触发这个溢出，大小字段中包含有超长值会导致服务崩溃。 2 Trend Micr...

Trend Micro OfficeScan Client Firewall Multiple Vulnerabilities

The remote host is either running Trend Micro OfficeScan or Trend Micro OfficeScan Client. The installed version is affected by multiple vulnerabilities : - A vulnerability in 'ApiThread' function could allow a malicious local user to execute arbitrary code with SYSTEM privileges by sending...

Code injection

The ApiThread function in the firewall service aka TmPfw.exe in Trend Micro Network Security Component NSC modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service service crash via a packet with...

CVE-2008-3865

Multiple heap-based buffer overflows in the ApiThread function in the firewall service aka TmPfw.exe in Trend Micro Network Security Component NSC modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary...