Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Officescan
(Trend_micro)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 29 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-10-10 | CVE-2006-5212 | Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program. | Officescan | N/A | ||
| 2006-10-05 | CVE-2006-5157 | Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search". | Officescan | N/A | ||
| 2005-10-30 | CVE-2005-3379 | Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program... | Officescan, Pc\-Cillin_2005 | N/A | ||
| 2005-05-02 | CVE-2005-0533 | Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. | Client\-Server\-Messaging_suite_smb, Client\-Server_suite_smb, Control_manager, Interscan_emanager, Interscan_messaging_security_suite, Interscan_viruswall, Interscan_web_security_suite, Interscan_webmanager, Interscan_webprotect, Officescan, Pc\-Cillin, Portalprotect, Scanmail, Scanmail_emanager, Serverprotect | N/A | ||
| 2004-12-31 | CVE-2004-2430 | Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges. | Officescan | N/A | ||
| 2004-05-07 | CVE-2004-2006 | Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection. | Officescan | N/A | ||
| 2003-12-31 | CVE-2003-1341 | The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe. | Officescan, Virus_buster | N/A | ||
| 2001-10-15 | CVE-2001-1151 | Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password. | Officescan, Virus_buster | N/A | ||
| 2001-08-22 | CVE-2001-1150 | Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files. | Officescan, Virus_buster | N/A |