PT-2009-1215 · Trend Micro · Trend Micro OfficeScan+2

Published: 2009-01-21 · Updated: 2017-08-08 · CVE-2008-3866

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Trend Micro OfficeScan version 8.0 SP1 Patch 1
Trend Micro Internet Security versions 2007 and 2008 17.0.1224

Description

The issue allows local users to bypass intended access restrictions and change firewall settings by sending crafted packets using a modified client. This is due to the reliance on client-side password protection implemented in the configuration GUI of the Trend Micro Personal Firewall service.

Recommendations

For Trend Micro OfficeScan version 8.0 SP1 Patch 1, consider restricting access to the configuration GUI to minimize the risk of exploitation. For Trend Micro Internet Security versions 2007 and 2008 17.0.1224, avoid using the modified client to send crafted packets until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2008-3866

Affected Products

Trend Micro Internet Security
Trend Micro OfficeScan
Trend Micro Personal Firewall