Heap-based Buffer Overflow in Trend Micro Network Security Component
CVE-2008-3865

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Internet Security 2008; Internet Security 2007; Officescan
Vendor: CVE Published:; 21 January 2009

Summary

The vulnerability resides in the ApiThread function of the firewall service (TmPfw.exe) within the Trend Micro Network Security Component, impacting multiple versions including OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007/2008. Attackers can exploit this flaw by sending specially crafted packets containing small values in unspecified size fields, potentially allowing for arbitrary code execution. This poses significant risks to systems relying on these security solutions, emphasizing the importance of applying patches and updates promptly.

References

http://www.securitytracker.com/id?1021615

vdb-entryx_refsource_SECTRACK

http://secunia.com/secunia_research/2008-42/

x_refsource_MISC

http://www.trendmicro.com/ftp/documentation/readme/OSCE8....

x_refsource_CONFIRM

EPSS Score

29% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 21, 2009
Vulnerability Reserved
Aug 29, 2008