vulnerability CVE-2008-3864 CVE-2008-3865
Trend Micro IS: vulnerabilities of TmPfw.exe
Synthesis of the vulnerability
An attacker can use two vulnerabilities of the firewall service of Trend Micro Internet Security in order to create a denial of service or to execute code.Impacted products:
Trend Micro Internet Security.
BID-33358, CERTA-2009-AVI-026, CVE-2008-3864, CVE-2008-3865, VIGILANCE-VUL-8405.
Description of the vulnerability
The firewall service of Trend Micro Internet Security (TmPfw.exe) listens on port 40000/tcp. The ApiThread() function does not correctly analyzes received packets, which creates two vulnerabilities.
A packet containing a small size creates an overflow, leading to code execution with SYSTEM privileges. [severity:3/4; CVE-2008-3865]
A packet containing a large size creates a denial of service. [severity:2/4; CERTA-2009-AVI-026, CVE-2008-3864]Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a computers vulnerabilities announce
. The technology watch team tracks security threats targeting the computer system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.