The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause a denial of service (service crash) via a packet with a large value in an unspecified size field.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| http://www.securitytracker.com/id?1021615 | vdb entry |
| http://secunia.com/secunia_research/2008-42/ | |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt | vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/48106 | vdb entry |
| http://www.securityfocus.com/archive/1/500195/100/0/threaded | mailing list |
| http://www.securityfocus.com/bid/33358 | patch vdb entry |
| http://www.vupen.com/english/advisories/2009/0191 | vdb entry |
| http://secunia.com/advisories/33609 | patch vendor advisory third party advisory |
| http://securityreason.com/securityalert/4937 | third party advisory |
| http://secunia.com/advisories/31160 | third party advisory vendor advisory |
| http://www.securitytracker.com/id?1021614 | vdb entry |