CVE-2008-3866

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Internet Security 2008; Internet Security 2007; Officescan
Vendor: CVE Published:; 21 January 2009

Summary

The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.

References

http://secunia.com/secunia_research/2008-43/

x_refsource_MISC

http://www.trendmicro.com/ftp/documentation/readme/OSCE8....

x_refsource_MISC

http://www.securitytracker.com/id?1021616

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 21, 2009
Vulnerability Reserved
Aug 29, 2008