Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-0072

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-17 Nov, 2008 | 23:00
Updated At-07 Aug, 2024 | 12:03
Rejected At-
Credits

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:17 Nov, 2008 | 23:00
Updated At:07 Aug, 2024 | 12:03
Rejected At:
▼CVE Numbering Authority (CNA)

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/32618
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/32261
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/38760
vdb-entry
x_refsource_XF
http://www.kb.cert.org/vuls/id/768681
third-party-advisory
x_refsource_CERT-VN
http://blogs.iss.net/archive/trend.html
x_refsource_MISC
http://www.vupen.com/english/advisories/2008/3127
vdb-entry
x_refsource_VUPEN
http://www.iss.net/threats/309.html
third-party-advisory
x_refsource_ISS
Hyperlink: http://secunia.com/advisories/32618
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/32261
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/38760
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.kb.cert.org/vuls/id/768681
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://blogs.iss.net/archive/trend.html
Resource:
x_refsource_MISC
Hyperlink: http://www.vupen.com/english/advisories/2008/3127
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.iss.net/threats/309.html
Resource:
third-party-advisory
x_refsource_ISS
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/32618
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/32261
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/38760
vdb-entry
x_refsource_XF
x_transferred
http://www.kb.cert.org/vuls/id/768681
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://blogs.iss.net/archive/trend.html
x_refsource_MISC
x_transferred
http://www.vupen.com/english/advisories/2008/3127
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.iss.net/threats/309.html
third-party-advisory
x_refsource_ISS
x_transferred
Hyperlink: http://secunia.com/advisories/32618
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/32261
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/38760
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/768681
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://blogs.iss.net/archive/trend.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/3127
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.iss.net/threats/309.html
Resource:
third-party-advisory
x_refsource_ISS
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:17 Nov, 2008 | 23:30
Updated At:29 Jul, 2017 | 01:29

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Trend Micro Incorporated
trend_micro
>>serverprotect>>5.7
cpe:2.3:a:trend_micro:serverprotect:5.7:*:*:*:*:*:*:*
Trend Micro Incorporated
trend_micro
>>serverprotect>>5.58
cpe:2.3:a:trend_micro:serverprotect:5.58:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://blogs.iss.net/archive/trend.htmlcve@mitre.org
N/A
http://secunia.com/advisories/32618cve@mitre.org
Vendor Advisory
http://www.iss.net/threats/309.htmlcve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/768681cve@mitre.org
US Government Resource
http://www.securityfocus.com/bid/32261cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/3127cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/38760cve@mitre.org
N/A
Hyperlink: http://blogs.iss.net/archive/trend.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32618
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.iss.net/threats/309.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/768681
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/32261
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/3127
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/38760
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1650Records found
CVE-2007-4731
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-35.61% / 96.94%
||
7 Day CHG~0.00%
Published-12 Sep, 2007 | 01:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4218
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-58.48% / 98.12%
||
7 Day CHG~0.00%
Published-22 Aug, 2007 | 23:00
Updated-07 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-189
Not Available
CWE ID-CWE-20
Improper Input Validation
CVE-2006-5269
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.62% / 96.02%
||
7 Day CHG~0.00%
Published-17 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, probably related to an RPC interface.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3865
Matching Score-10
Assigner-Flexera Software LLC
ShareView Details
Matching Score-10
Assigner-Flexera Software LLC
CVSS Score-10||HIGH
EPSS-29.34% / 96.42%
||
7 Day CHG~0.00%
Published-21 Jan, 2009 | 20:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in the ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allow remote attackers to execute arbitrary code via a packet with a small value in an unspecified size field.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-internet_security_2007internet_security_2008officescann/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3862
Matching Score-10
Assigner-Flexera Software LLC
ShareView Details
Matching Score-10
Assigner-Flexera Software LLC
CVSS Score-10||HIGH
EPSS-40.42% / 97.25%
||
7 Day CHG~0.00%
Published-23 Oct, 2008 | 21:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to "parsing CGI requests."

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-officescann/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2437
Matching Score-10
Assigner-Flexera Software LLC
ShareView Details
Matching Score-10
Assigner-Flexera Software LLC
CVSS Score-10||HIGH
EPSS-29.75% / 96.46%
||
7 Day CHG~0.00%
Published-16 Sep, 2008 | 22:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 and 8.0 SP1, and Client Server Messaging Security 3.6 allows remote attackers to execute arbitrary code via an HTTP request containing a long ComputerName parameter.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-client-server-messaging_securityofficescann/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-4402
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-15.57% / 94.42%
||
7 Day CHG~0.00%
Published-03 Oct, 2008 | 15:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-officescann/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0014
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.80% / 94.25%
||
7 Day CHG~0.00%
Published-17 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0013
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.80% / 94.25%
||
7 Day CHG~0.00%
Published-17 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3454
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-19.74% / 95.22%
||
7 Day CHG~0.00%
Published-27 Jun, 2007 | 00:00
Updated-07 Aug, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-officescann/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-2508
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-78.61% / 99.00%
||
7 Day CHG~0.00%
Published-08 May, 2007 | 23:00
Updated-07 Aug, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0074
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-29.46% / 96.44%
||
7 Day CHG~0.00%
Published-17 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0073
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-29.46% / 96.44%
||
7 Day CHG~0.00%
Published-17 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 12:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0012
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.80% / 94.25%
||
7 Day CHG~0.00%
Published-17 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-5001
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-74.71% / 98.81%
||
7 Day CHG~0.00%
Published-25 Dec, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-control_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4490
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.94% / 75.30%
||
7 Day CHG~0.00%
Published-22 Aug, 2007 | 23:00
Updated-07 Aug, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1) RPCFN_EVENTBACK_DoHotFix or (2) CMD_CHANGE_AGENT_REGISTER_INFO.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CVE-2006-5268
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-18.32% / 94.96%
||
7 Day CHG~0.00%
Published-17 Nov, 2008 | 23:00
Updated-07 Aug, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via vectors related to obtaining "administrative access to the RPC interface."

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-287
Improper Authentication
CVE-2006-1381
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.38% / 58.85%
||
7 Day CHG~0.00%
Published-24 Mar, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-officescann/a
CVE-2007-6507
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-71.36% / 98.66%
||
7 Day CHG~0.00%
Published-20 Dec, 2007 | 23:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-264
Not Available
CVE-2001-1574
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.62% / 85.09%
||
7 Day CHG~0.00%
Published-05 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-interscan_viruswalln/a
CVE-2001-0679
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-11.10% / 93.18%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote attacker to execute arbitrary code by sending a long HELO command to the server.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-interscan_viruswalln/a
CVE-2001-0432
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.01% / 90.33%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-interscan_viruswalln/a
CVE-2001-0133
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.84% / 73.78%
||
7 Day CHG~0.00%
Published-14 Feb, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-interscan_viruswalln/a
CVE-2007-4219
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-39.62% / 97.20%
||
7 Day CHG~0.00%
Published-22 Aug, 2007 | 23:00
Updated-07 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-189
Not Available
CVE-2000-0428
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.81% / 87.66%
||
7 Day CHG~0.00%
Published-12 Jul, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-interscan_viruswalln/a
CVE-2001-1573
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.95% / 82.69%
||
7 Day CHG~0.00%
Published-05 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-interscan_viruswalln/a
CVE-2007-3455
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.53% / 80.54%
||
7 Day CHG~0.00%
Published-27 Jun, 2007 | 00:00
Updated-07 Aug, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-officescann/a
CWE ID-CWE-264
Not Available
CVE-2007-2533
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-19.07% / 95.10%
||
7 Day CHG~0.00%
Published-09 May, 2007 | 00:00
Updated-07 Aug, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CVE-2007-2528
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.30% / 88.42%
||
7 Day CHG~0.00%
Published-08 May, 2007 | 23:00
Updated-07 Aug, 2024 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CVE-2007-1070
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-78.11% / 98.98%
||
7 Day CHG~0.00%
Published-21 Feb, 2007 | 11:00
Updated-07 Aug, 2024 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.

Action-Not Available
Vendor-n/aTrend Micro IncorporatedMicrosoft Corporation
Product-windows_vistawindows_2003_serverwindows_xpserverprotectwindows_ntwindows_2000n/a
CVE-2007-0325
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-9.3||HIGH
EPSS-73.58% / 98.76%
||
7 Day CHG~0.00%
Published-20 Feb, 2007 | 17:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-officescan_corporate_editionclient-server-messaging_securityn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3364
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-48.65% / 97.67%
||
7 Day CHG~0.00%
Published-30 Jul, 2008 | 16:03
Updated-07 Aug, 2024 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-officescann/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1365
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-75.21% / 98.83%
||
7 Day CHG~0.00%
Published-17 Mar, 2008 | 22:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-officescan_corporate_editionn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6386
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.34% / 79.20%
||
7 Day CHG~0.00%
Published-15 Dec, 2007 | 02:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-trend_micro_internet_security__virus_busttrend_micro_antivirus_plus_antispywaretrend_micro_internet_security_pron/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-1929
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.75% / 89.01%
||
7 Day CHG~0.00%
Published-14 Dec, 2005 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4277
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.07% / 20.95%
||
7 Day CHG~0.00%
Published-30 Oct, 2007 | 22:00
Updated-07 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-pc-cillin_internet_security_2007scan_enginen/a
CWE ID-CWE-264
Not Available
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-6824
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-13.84% / 94.04%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 20:44
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-119: Buffer Errors vulnerability exists in ProClima (all versions prior to version 8.0.0) which allows an unauthenticated, remote attacker to execute arbitrary code on the targeted system in all versions of ProClima prior to version 8.0.0.

Action-Not Available
Vendor-Schneider Electric SE
Product-proclimaProClima all versions prior to version 8.0.0
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2450
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-3.04% / 86.13%
||
7 Day CHG~0.00%
Published-11 Nov, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCSun Microsystems (Oracle Corporation)Apple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playeradobe_airmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1852
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-42.60% / 97.37%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.

Action-Not Available
Vendor-n/aHP Inc.
Product-intelligent_management_centern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-7020
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-18.82% / 95.05%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 17:54
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2425
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-9.78% / 92.65%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCSun Microsystems (Oracle Corporation)Apple Inc.Adobe Inc.
Product-linux_kernelwindowsandroidflash_playersunosadobe_airmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1728
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-43.82% / 97.44%
||
7 Day CHG~0.00%
Published-07 May, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_storage_data_protectorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-7066
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.14% / 92.81%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:53
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1914
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-1.32% / 79.05%
||
7 Day CHG~0.00%
Published-21 Feb, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-adam_opc_servermodbus_tcp_opc_servermodbus_rtu_opc_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1733
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-43.82% / 97.44%
||
7 Day CHG~0.00%
Published-07 May, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message.

Action-Not Available
Vendor-n/aHP Inc.
Product-openview_storage_data_protectorn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2595
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-10||HIGH
EPSS-74.00% / 98.78%
||
7 Day CHG~0.00%
Published-14 Sep, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file.

Action-Not Available
Vendor-acdseen/a
Product-fotoslaten/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2445
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-1.77% / 81.89%
||
7 Day CHG~0.00%
Published-11 Nov, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCSun Microsystems (Oracle Corporation)Apple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playeradobe_airmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-7054
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-2.79% / 85.51%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:26
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-2667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.24% / 95.98%
||
7 Day CHG~0.00%
Published-28 Jul, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Security 8.1 before 8.1.0.69 and CA Total Defense r12, does not properly parse URLs, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and daemon crash) via a malformed request.

Action-Not Available
Vendor-n/aBroadcom Inc.CA Technologies (Broadcom Inc.)
Product-gateway_securitytotal_defensen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1567
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-79.00% / 99.02%
||
7 Day CHG~0.00%
Published-05 Apr, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.

Action-Not Available
Vendor-7tn/a
Product-igssn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 32
  • 33
  • Next
Details not found