Trend Micro Officescan — known CVE vulnerabilities
Every CVE whose affected-product data names Trend Micro Officescan, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2008-3865 — CVSS 10.0 (critical): Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security…
CVE-2006-1381 — CVSS 10.0 (critical): Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to…
CVE-2008-2437 — CVSS 10.0 (critical): Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0…
CVE-2008-4402 — CVSS 10.0 (critical): Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build…
CVE-2007-3455 — CVSS 10.0 (critical): cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password…
CVE-2008-3862 — CVSS 10.0 (critical): Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374…
CVE-2007-3454 — CVSS 10.0 (critical): Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to…
CVE-2007-0851 — CVSS 9.3 (critical): Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber…
CVE-2008-3364 — CVSS 9.3 (critical): Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition…
CVE-2006-6458 — CVSS 7.8 (high): The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet…
CVE-2005-0533 — CVSS 7.5 (high): Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote…
CVE-2006-6178 — CVSS 7.5 (high): Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote…
CVE-2006-6179 — CVSS 7.5 (high): Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows…
CVE-2003-1341 — CVSS 7.5 (high): The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from…
CVE-2004-2430 — CVSS 7.2 (high): Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection…
CVE-2000-0205 — CVSS 6.4 (medium): Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
CVE-2005-3379 — CVSS 5.1 (medium): Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the…
CVE-2006-5157 — CVSS 5.1 (medium): Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1…
CVE-2008-4403 — CVSS 5.0 (medium): The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote…
CVE-2000-0204 — CVSS 5.0 (medium): The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises…
CVE-2001-1150 — CVSS 5.0 (medium): Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote…
CVE-2001-1151 — CVSS 5.0 (medium): Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the…
CVE-2006-5212 — CVSS 5.0 (medium): Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE)…
CVE-2008-2439 — CVSS 5.0 (medium): Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend…
CVE-2008-3864 — CVSS 5.0 (medium): The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend…
CVE-2000-0203 — CVSS 5.0 (medium): The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.
CVE-2008-3866 — CVSS 4.6 (medium): The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro…
CVE-2002-1349 — CVSS 4.6 (medium): Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to…
CVE-2004-2006 — CVSS 4.6 (medium): Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which…