Vulnerability Description
Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trend Micro | Internet Security 2007 | All versions |
| Trend Micro | Internet Security 2008 | 17.0.1224 |
| Trend Micro | Officescan | 8.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31160Vendor Advisory
- http://secunia.com/advisories/33609Vendor Advisory
- http://secunia.com/secunia_research/2008-42/Vendor Advisory
- http://securityreason.com/securityalert/4937
- http://www.securityfocus.com/archive/1/500195/100/0/threaded
- http://www.securityfocus.com/bid/33358Patch
- http://www.securitytracker.com/id?1021614
- http://www.securitytracker.com/id?1021615
- http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPaVendor Advisory
- http://www.vupen.com/english/advisories/2009/0191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48107
- http://secunia.com/advisories/31160Vendor Advisory
- http://secunia.com/advisories/33609Vendor Advisory
- http://secunia.com/secunia_research/2008-42/Vendor Advisory
- http://securityreason.com/securityalert/4937
FAQ
What is CVE-2008-3865?
CVE-2008-3865 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP...
How severe is CVE-2008-3865?
CVE-2008-3865 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3865?
Check the references section above for vendor advisories and patch information. Affected products include: Trend Micro Internet Security 2007, Trend Micro Internet Security 2008, Trend Micro Officescan.