Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3866

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-3866
Last Modified 07 Mar 2011 10:11:32
Published 21 Jan 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-3866

Summary

The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.

Vulnerable Systems

Application

  • Trend Micro Internet Security 2007

  • Trend Micro Internet Security 2008 17.0.1224

  • Trend Micro Officescan 8.0


References

BID - 33358

SECUNIA - 33609

SECUNIA - 31160

XF - nsc-tmpfw-security-bypass(48108)

VUPEN - ADV-2009-0191

MISC - http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt

SECTRACK - 1021617

SECTRACK - 1021616

MISC - http://secunia.com/secunia_research/2008-43/


Last Updated: 27 May 2016 10:48:20