Officescan
by Trend Micro
CVEs (97)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-3455 | 0.00 | — | 0.03 | Jun 27, 2007 | cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user… | |||
| CVE-2007-3454 | 0.00 | — | 0.06 | Jun 27, 2007 | Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this… | |||
| CVE-2006-6458 | 0.00 | — | 0.03 | Dec 11, 2006 | The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via… | |||
| CVE-2006-6179 | 0.00 | — | 0.03 | Nov 30, 2006 | Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors. | |||
| CVE-2006-6178 | 0.00 | — | 0.03 | Nov 30, 2006 | Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors. | |||
| CVE-2006-5212 | 0.00 | — | 0.02 | Oct 10, 2006 | Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename… | |||
| CVE-2006-5211 | 0.00 | — | 0.03 | Oct 10, 2006 | Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP… | |||
| CVE-2006-5157 | 0.00 | — | 0.06 | Oct 5, 2006 | Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name… | |||
| CVE-2006-1381 | 0.00 | — | 0.02 | Mar 24, 2006 | Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe. | |||
| CVE-2005-3379 | 0.00 | — | 0.01 | Oct 30, 2005 | Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is… | |||
| CVE-2005-0533 | 0.00 | — | 0.04 | May 2, 2005 | Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. | |||
| CVE-2004-2430 | 0.00 | — | 0.00 | Dec 31, 2004 | Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges. | |||
| CVE-2004-2006 | 0.00 | — | 0.01 | May 7, 2004 | Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection. | |||
| CVE-2001-1151 | 0.00 | — | 0.02 | Oct 15, 2001 | Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password. | |||
| CVE-2001-1150 | 0.00 | — | 0.02 | Aug 22, 2001 | Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files. | |||
| CVE-2000-0205 | 0.00 | — | 0.02 | Mar 3, 2000 | Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients. | |||
| CVE-2000-0203 | 0.00 | — | 0.02 | Feb 28, 2000 | The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345. |
- CVE-2007-3455Jun 27, 2007risk 0.00cvss —epss 0.03
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user…
- CVE-2007-3454Jun 27, 2007risk 0.00cvss —epss 0.06
Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this…
- CVE-2006-6458Dec 11, 2006risk 0.00cvss —epss 0.03
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via…
- CVE-2006-6179Nov 30, 2006risk 0.00cvss —epss 0.03
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.
- CVE-2006-6178Nov 30, 2006risk 0.00cvss —epss 0.03
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.
- CVE-2006-5212Oct 10, 2006risk 0.00cvss —epss 0.02
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename…
- CVE-2006-5211Oct 10, 2006risk 0.00cvss —epss 0.03
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP…
- CVE-2006-5157Oct 5, 2006risk 0.00cvss —epss 0.06
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name…
- CVE-2006-1381Mar 24, 2006risk 0.00cvss —epss 0.02
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.
- CVE-2005-3379Oct 30, 2005risk 0.00cvss —epss 0.01
Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is…
- CVE-2005-0533May 2, 2005risk 0.00cvss —epss 0.04
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.
- CVE-2004-2430Dec 31, 2004risk 0.00cvss —epss 0.00
Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.
- CVE-2004-2006May 7, 2004risk 0.00cvss —epss 0.01
Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection.
- CVE-2001-1151Oct 15, 2001risk 0.00cvss —epss 0.02
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
- CVE-2001-1150Aug 22, 2001risk 0.00cvss —epss 0.02
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
- CVE-2000-0205Mar 3, 2000risk 0.00cvss —epss 0.02
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
- CVE-2000-0203Feb 28, 2000risk 0.00cvss —epss 0.02
The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.
Page 5 of 5