Trend Micro: >> Officescan >> 3.0 Security Vulnerabilities
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
CVSS Score
9.3
EPSS Score
0.35
Published
2007-02-08
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.
CVSS Score
7.5
EPSS Score
0.07
Published
2005-05-02
Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.
CVSS Score
7.2
EPSS Score
0.001
Published
2004-12-31
Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection.
CVSS Score
4.6
EPSS Score
0.001
Published
2004-05-07
The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe.
CVSS Score
7.5
EPSS Score
0.061
Published
2003-12-31