Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Trend Micro OfficeScan / Trend Micro Internet Security
Опубликовано:20 января 2009 г.
Источник:
SecurityVulns ID:9607
Тип:локальная
Уровень опасности:
5/10
Описание:Манипуляция настройками, DoS.
Затронутые продукты:TM : OfficeScan 8.0
 TM : Trend Micro Internet Security 2007
 TM : Trend Micro Internet Security 2008
CVE:CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.)
 CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.)
 CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.)
Оригинальный текстdocumentSECUNIA, [Full-disclosure] Secunia Research: Trend Micro NSC Firewall Configuration Vulnerability (20.01.2009)
 documentSECUNIA, [Full-disclosure] Secunia Research: Trend Micro Network Security Component Vulnerabilities (20.01.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород