EUVD-2017-3024

Malware in sbrugna...

The vulnerability of the BuildEnterpriseSearchString method implemented by the PolicyServer server of the Trend Micro Endpoint Encryption (TMEE) encryption data solution allows a perpetrator to increase their privileges.

The vulnerability of the BuildEnterpriseSearchString method implemented by the PolicyServer server of the Trend Micro Endpoint Encryption TMEE encryption data solution is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability can allow an attacker...

The vulnerability of the PolicyServerWindowsService class in the PolicyServer server, which is part of Trend Micro Endpoint Encryption (TMEE), allows a perpetrator to execute arbitrary code.

The vulnerability of the PolicyServerWindowsService class in the PolicyServer server, a component of the Trend Micro Endpoint Encryption TMEE data encryption tool, is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to...

Trend Micro Encryption for Email Gateway LauncherServer DownloadBlackList Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The flaw exists within the...

Trend Micro Encryption for Email Gateway DBCrypto Authentication Weakness Vulnerability

This vulnerability allows attackers to recover user passwords on vulnerable installations of Trend Micro Encryption for Email Gateway. An attacker must first obtain access to the user database on the target system in order to exploit this vulnerability. The specific flaw exists within the DBCrypt...

Trend Micro Encryption for Email Gateway formChangePass username SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Encryption for Email Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

Trend Micro Encryption for Email DLL Loads Remote Code Execution Vulnerability

Trend Micro Encryption for Email is a suite of encryption technologies for email from Trend Micro. A security vulnerability exists in Trend Micro Encryption for Email version 5.6. A remote attacker could exploit the vulnerability to execute arbitrary code on an affected system...

CVE-2017-11397

A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system...

CVE-2017-11397

A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system...

Design/Logic Flaw

A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system...

CVE-2017-11397

A service DLL preloading vulnerability affects Trend Micro Encryption for Email versions ≤ 5.6, where an unauthenticated remote attacker could trigger arbitrary code execution on the vulnerable system. The root cause is a DLL preloading issue in the service component, enabling code execution with...