CVE-2008-3865

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Internet Security 2008; Internet Security 2007; Officescan
Vendor: CVE Published:; 21 January 2009

Summary

Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.

References

http://www.securitytracker.com/id?1021615

vdb-entryx_refsource_SECTRACK

http://secunia.com/secunia_research/2008-42/

x_refsource_MISC

http://www.trendmicro.com/ftp/documentation/readme/OSCE8....

x_refsource_CONFIRM

EPSS Score

32% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 21, 2009
Vulnerability Reserved
Aug 29, 2008