PT-2009-1213 · Trend Micro · Trend Micro Officescan+2

Published

2009-01-21

Updated

2018-10-11

CVE-2008-3864

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Trend Micro OfficeScan version 8.0 SP1 Patch 1 Trend Micro Internet Security versions 2007 and 2008 17.0.1224

Description The issue concerns the ApiThread function in the firewall service of Trend Micro Network Security Component modules. It allows remote attackers to cause a denial of service by crashing the service with a packet containing a large value in an unspecified size field.

Recommendations For Trend Micro OfficeScan version 8.0 SP1 Patch 1, consider disabling the ApiThread function in the firewall service as a temporary workaround until a patch is available. For Trend Micro Internet Security versions 2007 and 2008 17.0.1224, restrict access to the firewall service to minimize the risk of exploitation.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-3864

Affected Products

Trend Micro Internet Security

Trend Micro Home Network Security

Trend Micro Officescan

PT-2009-1213 · Trend Micro · Trend Micro Officescan+2

CVE-2008-3864

Weakness Enumeration

Related Identifiers

Affected Products

References · 13