Vulnerability Description
The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trend Micro | Internet Security 2007 | All versions |
| Trend Micro | Internet Security 2008 | 17.0.1224 |
| Trend Micro | Officescan | 8.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31160Vendor Advisory
- http://secunia.com/advisories/33609PatchVendor Advisory
- http://secunia.com/secunia_research/2008-42/
- http://securityreason.com/securityalert/4937
- http://www.securityfocus.com/archive/1/500195/100/0/threaded
- http://www.securityfocus.com/bid/33358Patch
- http://www.securitytracker.com/id?1021614
- http://www.securitytracker.com/id?1021615
- http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPaVendor Advisory
- http://www.vupen.com/english/advisories/2009/0191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48106
- http://secunia.com/advisories/31160Vendor Advisory
- http://secunia.com/advisories/33609PatchVendor Advisory
- http://secunia.com/secunia_research/2008-42/
- http://securityreason.com/securityalert/4937
FAQ
What is CVE-2008-3864?
CVE-2008-3864 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and...
How severe is CVE-2008-3864?
CVE-2008-3864 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3864?
Check the references section above for vendor advisories and patch information. Affected products include: Trend Micro Internet Security 2007, Trend Micro Internet Security 2008, Trend Micro Officescan.