Trend Micro产品网络安全组件模块多个安全漏洞

BUGTRAQ ID: 33358 CVECAN ID: CVE-2008-3864,CVE-2008-3865,CVE-2008-3866 Trend Micro病毒扫描引擎为桌面、服务器和网关提供杀毒功能。 各种Trend Micro产品所捆绑的网络安全组件（NSC）模块中存在多个漏洞，允许本地用户导致拒绝服务、获得权限提升或控制防火墙设置。 1 防火墙服务（TmPfw.exe）的ApiThread函数在处理发送给该服务（默认40000/TCP端口）的报文时存在堆溢出漏洞，在大小字段中包含有较小值的报文可以触发这个溢出，大小字段中包含有超长值会导致服务崩溃。 2 Trend Micr...

CVE-2008-3864

The ApiThread function in the firewall service aka TmPfw.exe in Trend Micro Network Security Component NSC modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service service crash via a packet with...

CVE-2008-3865

Multiple heap-based buffer overflows in the ApiThread function in the firewall service aka TmPfw.exe in Trend Micro Network Security Component NSC modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary...

CVE-2008-3866

Affected product : Trend Micro OfficeScan NSC components (TmPfw.exe) used in OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007/2008 (17.0.1224). Vulnerability : The Personal Firewall service relies on client-side password protection in the configuration GUI, but this check is not enforced by ...