29 matches found
CVE-2001-1151
Affected product : Trend Micro OfficeScan Corporate Edition (Virus Buster Corporate Edition). Vulnerability : Remote disclosure of sensitive configuration data via unauthenticated access to /officescan/hotdownload, specifically reading the configuration file ofcscan.ini which contains a weakly en...
CVE-2008-3862
Trend Micro OfficeScan CGI Parsing Buffer Overflow (CVE-2008-3862) affects OfficeScan 7.3 Patch4 build 1367 and older builds (before 1374) and 8.0 SP1 Patch1 before build 3110. The vulnerability is a boundary/stack-based overflow in CGI modules when parsing HTTP POST form data, allowing remote at...
CVE-2008-3364
Trend Micro OfficeScan ObjRemoveCtrl ActiveX control (ObjRemoveCtrl class) is affected by a boundary/stack overflow in OfficeScanRemoveCtrl.dll (OfficeScan Corp Edition Web-Deployment 7.x, 8.0; CSM 3.5/3.6; WFBS 5.0). The vulnerability can be triggered by passing a overly long value to the Server...
CVE-2008-2437
CVE-2008-2437 describes a stack-based buffer overflow in Trend Micro OfficeScan components (cgiRecvFile.exe) that can be triggered by an HTTP request with a long ComputerName parameter. The condition allows remote attackers to execute arbitrary code with SYSTEM-level privileges on affected system...
CVE-2006-6178
CVE-2006-6178 – Details : A buffer overflow in Trend Micro OfficeScan 7.3 (prior to build 7.3.0.1087) affects the PCCSRV/Web_console/RemoteInstallCGI/Wizard.exe, enabling a remote attacker to execute arbitrary code via unknown attack vectors. The NVD entry (CVSS v2 base score 7.5, HIGH) confirms ...
CVE-2007-0851
CVE-2007-0851 describes a buffer overflow in Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, exploitable when processing UPX-packed executables (as used in CCC Cleaner). The CCC Cleaner component is affected when the UPX-packed file is scanned, enabling arbitrary code ...
CVE-2000-0204
The CVE-2000-0204 entry concerns the Trend Micro OfficeScan client. It describes a denial-of-service condition triggered by remote attackers making 5 connections to port 12345, causing CPU utilization to reach 100%. The provided documents do not specify the underlying root cause, affected version...
CVE-2005-3379
CVE-2005-3379 describes a multiple interpretation error in Trend Micro products: PC-Cillin 2005 (version 12.0.1244 with engine 7.510.1002) and OfficeScan 7.0 (engine 7.510.1002). The bug arises from how the scanner handles files with an "MZ" magic byte sequence (normally associated with EXE). Suc...
CVE-2007-3454
CVE-2007-3454 describes a stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 (CGIOCommon.dll) prior to 8.0.0.1042. Remote attackers can exploit overly long session cookies sent to CGI programs using this library to execute arbitrary code. The underlying issue is lack of b...
CVE-2007-3455
The CVE-2007-3455 issue affects Trend Micro OfficeScan Corporate Edition 8.0. The vulnerability is in cgiChkMasterPwd.exe, where an empty hash and an empty encrypted password string can lead to the assignment of a valid session ID, enabling remote access to the Management Console. This constitute...
CVE-2001-1150
CVE-2001-1150 corresponds to a vulnerability in Trend Micro OfficeScan Corporate Edition (Virus Buster) 3.5.2–3.5.4 where the CGI binary cgiWebupdate.exe exposes an information-disclosure/privilege-escalation flaw. The available connected sources describe an information disclosure vulnerability t...
CVE-2000-0205
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2002-1349
Summary: CVE-2002-1349 describes a local buffer overflow in Trend Micro PC-cillin’s pop3trap.exe, affecting PC-cillin 2000, 2002, and 2003. The vulnerability arises from a long input string to TCP port 110 (POP3) in the local POP3 proxy, allowing a local attacker to execute arbitrary code with th...
CVE-2005-0533
CVE-2005-0533: Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI prior to 7.510, used across multiple Trend Micro products. An overly long ARJ header file name can overrun a buffer in the ARJ parsing path, enabling remote code execution when a crafted ARJ archive is scanned. Affec...
CVE-2006-1381
Trend Micro OfficeScan 5.5 (and likely versions before 6.5) is affected by a privilege-escalation issue caused by insecure DACLs on critical files, enabling local users to gain SYSTEM privileges by modifying tmlisten.exe. The issue is documented across multiple sources (NVD, PT-2006-2390) with ex...
CVE-2006-5157
Vulnerability summary (CVE-2006-5157): Trend Micro OfficeScan Corporate Edition (OSCE) prior to 7.3 Patch 1 contains a format-string flaw in the ATXCONSOLE.OCX ActiveX control (Management Console) that can allow remote code execution via crafted input in the remote client install name search, whe...
CVE-2004-2006
Affected software: Trend Micro OfficeScan 3.0–6.0. The vulnerability arises from default permissions of "Everyone Full Control" on the installation directory and registry keys, enabling local users to disable antivirus protection. No explicit exploit details or fixes are provided in the supplied ...
CVE-2006-6179
CVE-2006-6179 affects Trend Micro OfficeScan 7.3 (before 7.3.0.1089). A buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe could allow remote code execution. Impact per sources: remote attacker could run arbitrary code; vulnerability is exploitable over the network with l...
CVE-2008-4402
CVE-2008-4402 concerns multiple buffer overflows in the CGI modules of Trend Micro OfficeScan server. Affected products are OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087. Successful exploitation could allow remote attackers to run arbitrary code with web server privil...
CVE-2006-6458
The CVE-2006-6458 entry affects the Trend Micro scan engine before 8.320 on Windows and before 8.150 on HP-UX/AIX, used in Trend Micro PC Cillin Internet Security 2006, Office Scan 7.3, and Server Protect 5.58. Root cause: processing a malformed RAR archive where the Archive Header head_size and ...
CVE-2008-2439
CVE-2008-2439 describes a directory traversal vulnerability in the UpdateAgent function of TmListen.exe in Trend Micro OfficeScan/OfficeScanNT Listener service. A remote attacker can read arbitrary files via directory traversal sequences in an HTTP request. Affected products include OfficeScan 7....
CVE-2008-3864
CVE-2008-3864 affects Trend Micro Network Security Component (NSC) firewall modules. The ApiThread() function in the firewall service (TmPfw.exe) processes packets to the default port 40000/TCP and can trigger a heap-based overflow when a size field contains an oversized value, causing a denial o...
CVE-2008-3866
Affected product : Trend Micro OfficeScan NSC components (TmPfw.exe) used in OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007/2008 (17.0.1224). Vulnerability : The Personal Firewall service relies on client-side password protection in the configuration GUI, but this check is not enforced by ...
CVE-2004-2430
Trend OfficeScan Corporate Edition 5.58 (and possibly earlier) has a local privilege escalation vulnerability: opening a help window from a virus-detection pop-up does not drop privileges, allowing local users to gain SYSTEM privileges. The connected documents confirm affected product and the pri...
CVE-2006-5212
CVE-2006-5212 affects Trend Micro OfficeScan in multiple editions: OfficeScan 6.0 CSM SMB 2.0 before 6.0.0.1385; OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418; OfficeScan 7.0 before 7.0.0.1257; and OfficeScan 7.3 before 7.3.0.1053. The vulnerability allows a remote attacker to delete ...
CVE-2000-0203
CVE-2000-0203 affects the Trend Micro OfficeScan client, specifically the tmlisten.exe component. A remote attacker can cause a denial of service by sending malformed data to TCP port 12345, with no authentication required. The issue is classified as a network-based DoS with low attack complexity...
CVE-2008-3865
CVE-2008-3865 stems from multiple heap-based buffer overflows in Trend Micro’s Network Security Component (NSC) firewall module, within the ApiThread() function of the firewall service (TmPfw.exe). Affected products include Trend Micro OfficeScan 8.0 SP1 Patch 1 and Trend Micro Internet Security ...
CVE-2003-1341
The CVE-2003-1341 entry concerns Trend Micro OfficeScan web management console authentication bypass. Affected products are OfficeScan 3.0–3.54 and 5.x, where an attacker can bypass authentication and gain access to the web console by issuing a direct request to cgiMasterPwd.exe after bypassing c...
CVE-2008-4403
CVE-2008-4403 affects Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087. The CGI server modules can be exploited remotely to trigger a denial of service via crafted HTTP headers, caused by a NULL pointer dereference in the error handling mechanism. The availab...