Next Page >>
Trendmicro
========================================================
Trend Micro Data Loss Prevention 5.2 (formerly LeakProof)
Data Leakage through certain HTTP/HTTPS channels
nitrus
http://www.brainoverflow.org
Mexico
###############################################################
I encourage you to take a look to the ilustrated advisory that you would
======================================================================
Secunia Research 22/08/2008
- Trend Micro Products Web Management Authentication Bypass -
======================================================================
Table of Contents
Affected Software....................................................1
Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
iDefense Security Advisory 08.20.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 20, 2007
I. BACKGROUND
Trend Micro AntiSpyware is a spyware detection and removal application
designed to help protect home users computers, networks and account
Trend Micro Tmxpflt.sys IOCTL 0xa0284403 Buffer Overflow Vulnerability
iDefense Security Advisory 10.25.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 25, 2007
I. BACKGROUND
The Trend Micro AntiVirus scan engine provides AntiVirus capabilities to
desktop, server, and gateway systems. The engine is licensed to several
I have submitted this case to our Product Specialist. We'll update you for the progress.
Regards,
Raymond F. Villafania
Systems Engineer
TrendLabs HQ, Trend Micro Incorporated
-----Original Message-----
From: Rainer Link (ADM-EU)
Sent: Thursday, February 28, 2008 5:48 AM
ZDI-11-234: Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-234
July 11, 2011
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
ZDI-11-235: TrendMicro Control Manager CASProcessor.exe BLOB Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-235
July 12, 2011
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
______________________________________________________________________
Trendmicro RAR,CAB,ZIP bypass/evasions
______________________________________________________________________
Release mode: Coordinated but limited disclosure.
Ref : TZO-172009 - Trendmicro RAR,CAB,ZIP bypass/evasion
WWW : http://blog.zoller.lu/2009/04/trendmicro-multiple-evasion-and-bypass.html
Status : No patch, but mitigation recommendations for certain
products (see below)
Trend Micro ServerProtect RPCFN_SYNC_TASK Integer Overflow Vulnerability
iDefense Security Advisory 08.21.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 21, 2007
I. BACKGROUND
Trend Micro Inc.'s ServerProtect is an anti-virus software for Microsoft
Windows and Novell NetWare servers. It enables network administrators to
======================================================================
Secunia Research 22/12/2008
- Trend Micro HouseCall ActiveX Control Arbitrary Code Execution -
======================================================================
Table of Contents
Affected Software....................................................1
Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
iDefense Security Advisory 08.21.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 21, 2007
I. BACKGROUND
Trend Micro Inc.'s ServerProtect is an anti-virus software for Microsoft
Windows and Novell NetWare servers. It enables network administrators to
ZDI-07-050: Trend Micro ServerProtect RPCFN_SetComputerName() Stack
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-050.html
September 7, 2007
-- CVE ID:
CVE-2007-4218
-- Affected Vendor:
Trend Micro
ZDI-07-077: Trend Micro ServerProtect StRpcSrv.dll Insecure Method
Exposure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-077.html
December 17, 2007
-- CVE ID:
-- Affected Vendor:
Trend Micro
======================================================================
Secunia Research 22/10/2008
- Trend Micro OfficeScan CGI Parsing Buffer Overflows -
======================================================================
Table of Contents
Affected Software....................................................1
ZDI-07-051: Trend Micro ServerProtect TMregChange() Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-051.html
September 7, 2007
-- CVE ID:
CVE-2007-4731
-- Affected Vendor:
Trend Micro
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-345
December 7, 2011
- -- CVE ID:
======================================================================
Secunia Research 21/12/2008
- Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
======================================================================
Secunia Research 20/01/2009
- Trend Micro Network Security Component Vulnerabilities -
======================================================================
Table of Contents
Affected Software....................................................1
#######################################################################
Luigi Auriemma
Application: Trend Micro OfficeScan Corporate Edition
http://us.trendmicro.com/us/products/enterprise/officescan-client-server-edition/
other Trend Micro products could be affected by this
vulnerability since it's located in a function used to
decrypt a specific type of passwords used by this vendor
Versions: <= v8.0 Patch 2 - build 1189
======================================================================
Secunia Research 02/10/2008
- Trend Micro OfficeScan Directory Traversal Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
ZDI-10-165: Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-165
August 25, 2010
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Trend Micro
[Snip..]
I. Background
~~~~~~~~~~~~~
I. Background
Quote:"Trend Micro Incorporated is a global leader in network antivirus and Internet content security software and services. Founded in 1988, Trend Micro was a pioneer in secure content and threat management, leading the migration of early virus protection from the desktop to the network server and the Internet gateway. Today, the company continues to advance its comprehensive approach to management of content security threats into the Internet cloud, encompassing information flow beyond the boundaries of the network. With its 24x7 global support operations and dedication to innovative technologies and methodologies, Trend Micro is well positioned to protect its customers against an expanding range of threats that silently endanger business operations, personal information, and property."
----------------------------------------------------------------------
(PT-2009-09) Positive Technologies Security Advisory
Trend Micro Internet Security Pro 2009 tmactmon.sys Priviliege
Escalation Vulnerabilities
----------------------------------------------------------------------
---[ Affected Software ]
======================================================================
Secunia Research 12/09/2008
- Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
More
information on the patch can be found in the following page:
* Wing FTP
Server History
Discovered by:
Sumit Kumar Soni , Trend Micro
Read more about this threat incident in the Malware Blog entry "Trend Micro Discovers Wing FTP Server PORT Command DoS Bug." hxxp://threatinfo.trendmicro.com/vinfo/SecAdvisories/default6.asp?VNAME=Wing+FTP+Server+PORT+Command+DoS+Vulnerability&Page=2
hxxp://voidroot.blogspot.com/2010/06/wing-ftp-server-port-command-dos.html
______________________________________________________________________
UPDATE : Trendmicro RAR / CAB bypass evasion
______________________________________________________________________
CHANGES to original advisory [TZO-172009] Trendmicro :
------------------------------------------------------
Status : RAR / CAB issue WILL be patched on June 17
Patch Information:
More information on the patch can be found in the following page:
https://ctf.open.collab.net/sf/wiki/do/viewPage/projects.svnedge/wiki/Release_1.2.1
Discovered by: Sumit Kumar Soni, Trend Micro
Email: ssummit@gmail.com
For More info
http://voidroot.blogspot.com/2010/09/collabnet-subversion-edge-log-parser.html
http://threatinfo.trendmicro.com/vinfo/secadvisories/default6.asp?VName=CollabNet%20Subversion%20Edge%20Log%20Parser%20XSS/Code%20Injection%20Vulnerability
Trend Micro <http://www.trendmicro.com/> / <http://www.antivirus.com/>
offer a free malware cleanup tool named "HouseCall 7.1" for Windows:
<http://housecall.trendmicro.com/>
<http://go.trendmicro.com/housecall7/HousecallLauncher.exe>
<http://go.trendmicro.com/housecall7/HousecallLauncher64.exe>
Versions of this "security" product before the current build 1078
from 2010-08-30, published 2010-09-06 (according to HTTP timestamp),
came with outdated and vulnerable OpenSource components:
[Vendor Product Description]
- Secure any endpoint – physical or virtual – with the industry’s strongest,
most reliable protection, while reducing the impact on your endpoint resources.
Harness the power of the cloud with to-the-second protection from the
Trend Micro Smart Protection Network.
Ground-breaking new virtualization awareness delivers the latest
endpoint solutions along with
peace of mind and innovative resource-saving technology to help you
defend against zero day threats with optional virtual patching.
- Source:http://us.trendmicro.com/us/products/enterprise/officescan/index.html
You can watch the presentation videos for free. The link for
visualization is: http://www.h2hc.com.br/eventos.php
Together with this announcement I would like to thanks to Nitro
Security, a new Platinum Sponsor for H2HC 2010!! Now we have the
Platinum Sponsorship of Microsoft, Check Point, Trend Micro and Nitro
Security. Special thanks to all the sponsors that made possible the
amazing speakers we invited for the conference this year. More on this
available on our website.
If you can make it to Brazil in 27-28 of November this year, try to show
Next Page>>
|
