Lucene search
K
Trend MicroOfficescan

29 matches found

CVE
CVE
added 2002/03/15 5:0 a.m.113 views

CVE-2001-1151

Affected product : Trend Micro OfficeScan Corporate Edition (Virus Buster Corporate Edition). Vulnerability : Remote disclosure of sensitive configuration data via unauthenticated access to /officescan/hotdownload, specifically reading the configuration file ofcscan.ini which contains a weakly en...

5CVSS6.3AI score0.02414EPSS
CVE
CVE
added 2008/10/23 9:0 p.m.71 views

CVE-2008-3862

Trend Micro OfficeScan CGI Parsing Buffer Overflow (CVE-2008-3862) affects OfficeScan 7.3 Patch4 build 1367 and older builds (before 1374) and 8.0 SP1 Patch1 before build 3110. The vulnerability is a boundary/stack-based overflow in CGI modules when parsing HTTP POST form data, allowing remote at...

10CVSS7.8AI score0.18406EPSS
CVE
CVE
added 2008/07/30 4:3 p.m.62 views

CVE-2008-3364

Trend Micro OfficeScan ObjRemoveCtrl ActiveX control (ObjRemoveCtrl class) is affected by a boundary/stack overflow in OfficeScanRemoveCtrl.dll (OfficeScan Corp Edition Web-Deployment 7.x, 8.0; CSM 3.5/3.6; WFBS 5.0). The vulnerability can be triggered by passing a overly long value to the Server...

9.3CVSS7.7AI score0.32811EPSS
CVE
CVE
added 2008/09/16 10:0 p.m.60 views

CVE-2008-2437

CVE-2008-2437 describes a stack-based buffer overflow in Trend Micro OfficeScan components (cgiRecvFile.exe) that can be triggered by an HTTP request with a long ComputerName parameter. The condition allows remote attackers to execute arbitrary code with SYSTEM-level privileges on affected system...

10CVSS7.8AI score0.06673EPSS
CVE
CVE
added 2006/11/30 11:0 p.m.59 views

CVE-2006-6178

CVE-2006-6178 – Details : A buffer overflow in Trend Micro OfficeScan 7.3 (prior to build 7.3.0.1087) affects the PCCSRV/Web_console/RemoteInstallCGI/Wizard.exe, enabling a remote attacker to execute arbitrary code via unknown attack vectors. The NVD entry (CVSS v2 base score 7.5, HIGH) confirms ...

7.5CVSS8AI score0.02925EPSS
CVE
CVE
added 2007/02/08 6:0 p.m.59 views

CVE-2007-0851

CVE-2007-0851 describes a buffer overflow in Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, exploitable when processing UPX-packed executables (as used in CCC Cleaner). The CCC Cleaner component is affected when the UPX-packed file is scanned, enabling arbitrary code ...

9.3CVSS7.8AI score0.083EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.58 views

CVE-2000-0204

The CVE-2000-0204 entry concerns the Trend Micro OfficeScan client. It describes a denial-of-service condition triggered by remote attackers making 5 connections to port 12345, causing CPU utilization to reach 100%. The provided documents do not specify the underlying root cause, affected version...

5CVSS7AI score0.07355EPSS
CVE
CVE
added 2005/10/29 7:0 p.m.56 views

CVE-2005-3379

CVE-2005-3379 describes a multiple interpretation error in Trend Micro products: PC-Cillin 2005 (version 12.0.1244 with engine 7.510.1002) and OfficeScan 7.0 (engine 7.510.1002). The bug arises from how the scanner handles files with an "MZ" magic byte sequence (normally associated with EXE). Suc...

5.1CVSS6.9AI score0.0145EPSS
CVE
CVE
added 2007/06/27 12:0 a.m.56 views

CVE-2007-3454

CVE-2007-3454 describes a stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 (CGIOCommon.dll) prior to 8.0.0.1042. Remote attackers can exploit overly long session cookies sent to CGI programs using this library to execute arbitrary code. The underlying issue is lack of b...

10CVSS7.9AI score0.05531EPSS
CVE
CVE
added 2007/06/27 12:0 a.m.56 views

CVE-2007-3455

The CVE-2007-3455 issue affects Trend Micro OfficeScan Corporate Edition 8.0. The vulnerability is in cgiChkMasterPwd.exe, where an empty hash and an empty encrypted password string can lead to the assignment of a valid session ID, enabling remote access to the Management Console. This constitute...

10CVSS7AI score0.02996EPSS
CVE
CVE
added 2002/03/15 5:0 a.m.53 views

CVE-2001-1150

CVE-2001-1150 corresponds to a vulnerability in Trend Micro OfficeScan Corporate Edition (Virus Buster) 3.5.2–3.5.4 where the CGI binary cgiWebupdate.exe exposes an information-disclosure/privilege-escalation flaw. The available connected sources describe an information disclosure vulnerability t...

5CVSS6.7AI score0.02447EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.51 views

CVE-2000-0205

Technical details are not publicly available in the provided documents. Monitor for updates.

6.4CVSS7.3AI score0.01727EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.51 views

CVE-2002-1349

Summary: CVE-2002-1349 describes a local buffer overflow in Trend Micro PC-cillin’s pop3trap.exe, affecting PC-cillin 2000, 2002, and 2003. The vulnerability arises from a long input string to TCP port 110 (POP3) in the local POP3 proxy, allowing a local attacker to execute arbitrary code with th...

4.6CVSS7.5AI score0.01202EPSS
CVE
CVE
added 2005/02/24 5:0 a.m.51 views

CVE-2005-0533

CVE-2005-0533: Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI prior to 7.510, used across multiple Trend Micro products. An overly long ARJ header file name can overrun a buffer in the ARJ parsing path, enabling remote code execution when a crafted ARJ archive is scanned. Affec...

7.5CVSS7.9AI score0.04409EPSS
CVE
CVE
added 2006/03/24 11:0 a.m.50 views

CVE-2006-1381

Trend Micro OfficeScan 5.5 (and likely versions before 6.5) is affected by a privilege-escalation issue caused by insecure DACLs on critical files, enabling local users to gain SYSTEM privileges by modifying tmlisten.exe. The issue is documented across multiple sources (NVD, PT-2006-2390) with ex...

10CVSS6.7AI score0.01623EPSS
CVE
CVE
added 2006/10/03 11:0 p.m.50 views

CVE-2006-5157

Vulnerability summary (CVE-2006-5157): Trend Micro OfficeScan Corporate Edition (OSCE) prior to 7.3 Patch 1 contains a format-string flaw in the ATXCONSOLE.OCX ActiveX control (Management Console) that can allow remote code execution via crafted input in the remote client install name search, whe...

5.1CVSS7.7AI score0.06264EPSS
CVE
CVE
added 2005/05/10 4:0 a.m.49 views

CVE-2004-2006

Affected software: Trend Micro OfficeScan 3.0–6.0. The vulnerability arises from default permissions of "Everyone Full Control" on the installation directory and registry keys, enabling local users to disable antivirus protection. No explicit exploit details or fixes are provided in the supplied ...

4.6CVSS6.7AI score0.00502EPSS
CVE
CVE
added 2006/11/30 11:0 p.m.49 views

CVE-2006-6179

CVE-2006-6179 affects Trend Micro OfficeScan 7.3 (before 7.3.0.1089). A buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe could allow remote code execution. Impact per sources: remote attacker could run arbitrary code; vulnerability is exploitable over the network with l...

7.5CVSS8AI score0.02925EPSS
CVE
CVE
added 2008/10/03 3:0 p.m.48 views

CVE-2008-4402

CVE-2008-4402 concerns multiple buffer overflows in the CGI modules of Trend Micro OfficeScan server. Affected products are OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087. Successful exploitation could allow remote attackers to run arbitrary code with web server privil...

10CVSS7.9AI score0.05531EPSS
CVE
CVE
added 2006/12/11 5:0 p.m.47 views

CVE-2006-6458

The CVE-2006-6458 entry affects the Trend Micro scan engine before 8.320 on Windows and before 8.150 on HP-UX/AIX, used in Trend Micro PC Cillin Internet Security 2006, Office Scan 7.3, and Server Protect 5.58. Root cause: processing a malformed RAR archive where the Archive Header head_size and ...

7.8CVSS7AI score0.02521EPSS
CVE
CVE
added 2008/10/03 3:0 p.m.47 views

CVE-2008-2439

CVE-2008-2439 describes a directory traversal vulnerability in the UpdateAgent function of TmListen.exe in Trend Micro OfficeScan/OfficeScanNT Listener service. A remote attacker can read arbitrary files via directory traversal sequences in an HTTP request. Affected products include OfficeScan 7....

5CVSS6.7AI score0.20662EPSS
CVE
CVE
added 2009/01/21 8:0 p.m.47 views

CVE-2008-3864

CVE-2008-3864 affects Trend Micro Network Security Component (NSC) firewall modules. The ApiThread() function in the firewall service (TmPfw.exe) processes packets to the default port 40000/TCP and can trigger a heap-based overflow when a size field contains an oversized value, causing a denial o...

5CVSS6.7AI score0.02079EPSS
CVE
CVE
added 2009/01/21 8:0 p.m.47 views

CVE-2008-3866

Affected product : Trend Micro OfficeScan NSC components (TmPfw.exe) used in OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007/2008 (17.0.1224). Vulnerability : The Personal Firewall service relies on client-side password protection in the configuration GUI, but this check is not enforced by ...

4.6CVSS6.5AI score0.00401EPSS
CVE
CVE
added 2005/08/18 4:0 a.m.44 views

CVE-2004-2430

Trend OfficeScan Corporate Edition 5.58 (and possibly earlier) has a local privilege escalation vulnerability: opening a help window from a virus-detection pop-up does not drop privileges, allowing local users to gain SYSTEM privileges. The connected documents confirm affected product and the pri...

7.2CVSS7AI score0.00399EPSS
CVE
CVE
added 2006/10/09 9:0 p.m.44 views

CVE-2006-5212

CVE-2006-5212 affects Trend Micro OfficeScan in multiple editions: OfficeScan 6.0 CSM SMB 2.0 before 6.0.0.1385; OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418; OfficeScan 7.0 before 7.0.0.1257; and OfficeScan 7.3 before 7.3.0.1053. The vulnerability allows a remote attacker to delete ...

5CVSS6.8AI score0.0153EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.42 views

CVE-2000-0203

CVE-2000-0203 affects the Trend Micro OfficeScan client, specifically the tmlisten.exe component. A remote attacker can cause a denial of service by sending malformed data to TCP port 12345, with no authentication required. The issue is classified as a network-based DoS with low attack complexity...

5CVSS6.7AI score0.0181EPSS
CVE
CVE
added 2009/01/21 8:0 p.m.42 views

CVE-2008-3865

CVE-2008-3865 stems from multiple heap-based buffer overflows in Trend Micro’s Network Security Component (NSC) firewall module, within the ApiThread() function of the firewall service (TmPfw.exe). Affected products include Trend Micro OfficeScan 8.0 SP1 Patch 1 and Trend Micro Internet Security ...

10CVSS7.9AI score0.0643EPSS
CVE
CVE
added 2007/10/14 7:0 p.m.41 views

CVE-2003-1341

The CVE-2003-1341 entry concerns Trend Micro OfficeScan web management console authentication bypass. Affected products are OfficeScan 3.0–3.54 and 5.x, where an attacker can bypass authentication and gain access to the web console by issuing a direct request to cgiMasterPwd.exe after bypassing c...

7.5CVSS7.5AI score0.07661EPSS
CVE
CVE
added 2008/10/03 3:0 p.m.40 views

CVE-2008-4403

CVE-2008-4403 affects Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087. The CGI server modules can be exploited remotely to trigger a denial of service via crafted HTTP headers, caused by a NULL pointer dereference in the error handling mechanism. The availab...

5CVSS6.6AI score0.03166EPSS