Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors. NOTE: it is likely that this issue also affects tmufeng.dll before 2.0.0.1049 for OfficeScan 10.0.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
| Link | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56097 | vdb entry |
| http://secunia.com/advisories/38396 | third party advisory vendor advisory |
| http://www.securitytracker.com/id?1023553 | vdb entry |
| http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch_5_en_readme.txt | |
| http://www.trendmicro.com/ftp/documentation/readme/readme_1224.txt | |
| http://www.securityfocus.com/bid/38083 | vdb entry |
| http://www.vupen.com/english/advisories/2010/0295 | vdb entry patch vendor advisory |