Summary
| Detail | |||
|---|---|---|---|
| Vendor | Trend Micro | First view | 2009-01-21 |
| Product | Internet Security 2007 | Last view | 2009-01-21 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:trend_micro:internet_security_2007:*:*:*:*:*:*:*:* | 3 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 4.6 | 2009-01-21 | CVE-2008-3866 | The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets. |
| 10 | 2009-01-21 | CVE-2008-3865 | Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field. |
| 5 | 2009-01-21 | CVE-2008-3864 | The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-287 | Improper Authentication |
| 33% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 33% (1) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 53193 | Trend Micro Multiple Products NSC Module Personal Firewall Service (TmPfw.exe... |
| 53192 | Trend Micro Multiple Products Personal Firewall Service (TmPfw.exe) ApiThread... |
| 53191 | Trend Micro Multiple Products Personal Firewall Service (TmPfw.exe) ApiThread... |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2009-01-23 | Name: The remote host contains an application that is affected by multiple vulnerab... File: trendmicro_officescan_nsc_module_multiple_vuln.nasl - Type: ACT_GATHER_INFO |
