Denial of Service Vulnerability in Trend Micro OfficeScan and Internet Security
CVE-2008-3864

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Internet Security 2008; Internet Security 2007; Officescan
Vendor: CVE Published:; 21 January 2009

Summary

The ApiThread function in the firewall service, TmPfw.exe, within Trend Micro's Network Security Component allows remote attackers to trigger a denial of service condition. This is achieved by sending a packet containing a dangerously high value in an unspecified size field, causing a crash of the firewall service. This vulnerability affects users of Trend Micro OfficeScan 8.0 SP1 Patch 1, as well as Internet Security solutions from 2007 and 2008, compromising the security and stability of affected systems.

References

http://www.securitytracker.com/id?1021615

vdb-entryx_refsource_SECTRACK

http://secunia.com/secunia_research/2008-42/

x_refsource_MISC

http://www.trendmicro.com/ftp/documentation/readme/OSCE8....

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 21, 2009
Vulnerability Reserved
Aug 29, 2008