Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3865

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-3865
Last Modified 07 Mar 2011 10:11:32
Published 21 Jan 2009 03:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3865

Summary

Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.

Vulnerable Systems

Application

  • Trend Micro Internet Security 2007

  • Trend Micro Internet Security 2008 17.0.1224

  • Trend Micro Officescan 8.0


References

BID - 33358

XF - tmpfw-apithread-bo(48107)

VUPEN - ADV-2009-0191

CONFIRM - http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt

SECTRACK - 1021615

SECTRACK - 1021614

BUGTRAQ - 20090120 Secunia Research: Trend Micro Network Security Component Vulnerabilities

SREASON - 4937

MISC - http://secunia.com/secunia_research/2008-42/

SECUNIA - 33609

SECUNIA - 31160


Last Updated: 27 May 2016 10:48:20