返回 CVE 瀏覽器

CVE-2008-3865

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0090%

EPSS Percentile16.79th

Published2009年1月21日

Last Modified2026年4月23日

Vulnerability Description

Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.

Affected Platforms (CPE)

📦

Trend Micro

Internet Security 2007

All versions

📦

Trend Micro

Internet Security 2008

= 17.0.1224

📦

Trend Micro

Officescan

= 8.0

References & Advisories

🔗 http://secunia.com/advisories/31160

🔗 http://secunia.com/advisories/33609

🔗 http://secunia.com/secunia_research/2008-42/

🔗 http://securityreason.com/securityalert/4937

🔗 http://www.securityfocus.com/archive/1/500195/100/0/threaded

🔗 http://www.securityfocus.com/bid/33358

🔗 http://www.securitytracker.com/id?1021614

🔗 http://www.securitytracker.com/id?1021615

相關漏洞威脅

CVE-2009-004210.0

Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Vi...

CVE-2008-30129.3

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Ser...

CVE-2007-53489.3

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1...

CVE-2008-30149.3

Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vist...