6 matches found
CVE-2019-14688
This CVE affects Trend Micro installer packages. A DLL hijack vulnerability was present in an installer version used by multiple Trend Micro products and could be exploited only during the initial product installation by an authorized user. The attacker must cause the target to place a malicious ...
CVE-2017-14091
Trend Micro ScanMail for Exchange 12.0/12 SP1 Patch 1 (SMEX) is affected by CVE-2017-14091 via its update mechanism. The issue arises when administrators configure alternative download sources for updates; those packages are not signed or validated (only size matched), enabling an attacker to ove...
CVE-2021-25252
CVE-2021-25252 concerns Trend Micro’s Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) experiencing a memory exhaustion vulnerability that can cause denial-of-service or a system freeze when processing specially crafted files. Affected components: VSAPI and ATSE in Trend Micro produc...
CVE-2017-14090
CVE-2017-14090 affects Trend Micro ScanMail for Exchange 12.0. The vulnerability lies in the update mechanism: communications to update servers are unencrypted (HTTP) and lack certificate validation, enabling eavesdropping/tampering. Core Security’s advisory details that vulnerable update paths a...
CVE-2017-14092
CVE-2017-14092 describes a Cross-Site Request Forgery vulnerability in Trend Micro ScanMail for Exchange (SMEX) 12.x web interface. Root cause: the web forms lack Anti-CSRF tokens, allowing an authenticated user who visits a malicious domain to submit authenticated requests to the SMEX web consol...
CVE-2017-14093
Trend Micro ScanMail for Exchange 12.x (SMEX) contains a cross-site scripting vulnerability (CVE-2017-14093) in the Web-based Logs and Quarantine Query pages. The root cause is improper input handling on the logs/ Quarantine pages, allowing injected script via parameters such as optRemoteLog, txt...