Local Security Bypass Vulnerability in Trend Micro Network Security Component
CVE-2008-3866

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Internet Security 2008; Internet Security 2007; Officescan
Vendor: CVE Published:; 21 January 2009

Summary

The Trend Micro Network Security Component (NSC) contains a vulnerability in its Personal Firewall service, TmPfw.exe. This flaw arises due to reliance on client-side password protection within the configuration GUI, which can be exploited by local users. By utilizing a modified client to send specifically crafted packets, these users can unintentionally bypass access controls. Consequently, this allows unauthorized changes to firewall settings, posing significant security risks to users reliant on Trend Micro's products for their digital safety.

References

http://secunia.com/secunia_research/2008-43/

x_refsource_MISC

http://www.trendmicro.com/ftp/documentation/readme/OSCE8....

x_refsource_MISC

http://www.securitytracker.com/id?1021616

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 21, 2009
Vulnerability Reserved
Aug 29, 2008