VYPR

Internet Security

by Trend Micro

CVEs (25)

  • CVE-2017-5565MedMar 21, 2017
    risk 0.44cvss 6.7epss 0.01

    Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any…

  • CVE-2016-1225MedJun 19, 2016
    risk 0.43cvss 6.5epss 0.03

    Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2016-1226MedJun 19, 2016
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-3189Aug 31, 2010
    risk 0.06cvss epss 0.39

    The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.

  • CVE-2009-0686Apr 1, 2009
    risk 0.03cvss epss 0.01

    The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.

  • CVE-2008-3865Jan 21, 2009
    risk 0.01cvss epss 0.06

    Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers…

  • CVE-2007-0851Feb 8, 2007
    risk 0.01cvss epss 0.08

    Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.

  • CVE-2023-28929Jun 26, 2023
    risk 0.00cvss epss 0.00

    Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file…

  • CVE-2022-40710Sep 28, 2022
    risk 0.00cvss epss 0.00

    A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code…

  • CVE-2022-40709Sep 28, 2022
    risk 0.00cvss epss 0.00

    An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute…

  • CVE-2022-40708Sep 28, 2022
    risk 0.00cvss epss 0.00

    An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute…

  • CVE-2022-40707Sep 28, 2022
    risk 0.00cvss epss 0.00

    An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute…

  • CVE-2021-31520May 10, 2021
    risk 0.00cvss epss 0.04

    A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface.

  • CVE-2020-8602Aug 27, 2020
    risk 0.00cvss epss 0.04

    A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vulnerability Protection 2.0 SP2 may allow an authenticated attacker with full control privileges to bypass file integrity checks, leading to remote code execution.

  • CVE-2020-15601Aug 27, 2020
    risk 0.00cvss epss 0.03

    If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication…

  • CVE-2020-8607Aug 5, 2020
    risk 0.00cvss epss 0.01

    An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a…

  • CVE-2019-9488Sep 11, 2019
    risk 0.00cvss epss 0.01

    Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0) are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep…

  • CVE-2010-5179Aug 25, 2012
    risk 0.00cvss epss 0.00

    Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via…

  • CVE-2011-1327May 20, 2011
    risk 0.00cvss epss 0.00

    The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger.

  • CVE-2008-3866Jan 21, 2009
    risk 0.00cvss epss 0.00

    The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the…

Page 1 of 2