CyberSec.Space Logo
Back to CVE Browser

CVE-2008-3865

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0090%
EPSS Percentile16.79th
PublishedJan 21, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.

Affected Platforms (CPE)

πŸ“¦
Trend Micro

Internet Security 2007

All versions
πŸ“¦
Trend Micro

Internet Security 2008

= 17.0.1224
πŸ“¦
Trend Micro

Officescan

= 8.0

References & Advisories

πŸ”— http://secunia.com/advisories/31160
πŸ”— http://secunia.com/advisories/33609
πŸ”— http://secunia.com/secunia_research/2008-42/
πŸ”— http://securityreason.com/securityalert/4937
πŸ”— http://www.securityfocus.com/archive/1/500195/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/33358
πŸ”— http://www.securitytracker.com/id?1021614
πŸ”— http://www.securitytracker.com/id?1021615

Related Vulnerabilities

CVE-2009-004210.0

Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Vi...

CVE-2008-30129.3

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Ser...

CVE-2007-53489.3

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1...

CVE-2008-30149.3

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vist...