CVE-2008-3865

2009-01-2120:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-3865

buffer overflow

trend micro

nsc

officescan

internet security

remote code execution

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.55 Medium

EPSS

Percentile

97.7%

JSON

Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.

Affected configurations

NVD

Node

trend_microinternet_security_2007

trend_microinternet_security_2008Match17.0.1224

trend_microofficescanMatch8.0sp1

CPENameOperatorVersion
trend_micro:internet_security_2007trend micro internet security 2007eq*
trend_micro:internet_security_2008trend micro internet security 2008eq17.0.1224
trend_micro:officescantrend micro officescaneq8.0

CPE	Name	Operator	Version
trend_micro:internet_security_2007	trend micro internet security 2007	eq	*
trend_micro:internet_security_2008	trend micro internet security 2008	eq	17.0.1224
trend_micro:officescan	trend micro officescan	eq	8.0