← Back

Trend Micro

trend_micro

108 CVEs • 53 products

Products (53)

Click to collapse
Toggle
Officescan
officescan
29 CVEs
Serverprotect
serverprotect
25 CVEs
Interscan Viruswall
interscan_viruswall
22 CVEs
Control Manager
control_manager
6 CVEs
Interscan Webmanager
interscan_webmanager
4 CVEs
Pc Cillin
pc-cillin
4 CVEs
Scanmail
scanmail
4 CVEs
Officescan Corporate Edition
officescan_corporate_edition
4 CVEs
Virus Buster
virus_buster
3 CVEs
Interscan Emanager
interscan_emanager
3 CVEs
Virus Control System
virus_control_system
3 CVEs
Interscan Viruswall For Windows Nt
interscan_viruswall_for_windows_nt
3 CVEs
Housecall
housecall
3 CVEs
Interscan Messaging Security Suite
interscan_messaging_security_suite
3 CVEs
Interscan Web Security Suite
interscan_web_security_suite
3 CVEs
Client Server Messaging Security
client-server-messaging_security
3 CVEs
Trend Micro Antivirus
trend_micro_antivirus
3 CVEs
Internet Security 2007
internet_security_2007
3 CVEs
Internet Security 2008
internet_security_2008
3 CVEs
Virus Buster 2001
virus_buster_2001
2 CVEs
Client Server Messaging Suite Smb
client-server-messaging_suite_smb
2 CVEs
Client Server Suite Smb
client-server_suite_smb
2 CVEs
Interscan Webprotect
interscan_webprotect
2 CVEs
Portalprotect
portalprotect
2 CVEs
Scanmail Emanager
scanmail_emanager
2 CVEs
Pc Cillin 2005
pc-cillin_2005
2 CVEs
Pc Cillin Internet Security 2006
pc_cillin_-_internet_security_2006
2 CVEs
Viruswall
viruswall
2 CVEs
Pc Cillin Internet Security
pc-cillin_internet_security
2 CVEs
Pc Cillin Internet Security 2007
pc-cillin_internet_security_2007
2 CVEs
Interscan Applettrap
interscan_applettrap
1 CVE
Scanmail Exchange
scanmail_exchange
1 CVE
Damage Cleanup Server
damage_cleanup_server
1 CVE
Scanmail Domino
scanmail_domino
1 CVE
Serverprotect Earthagent
serverprotect_earthagent
1 CVE
Pc Cillin 2006
pc-cillin_2006
1 CVE
Interscan Viruswall Scan Engine
interscan_viruswall_scan_engine
1 CVE
Scanning Engine
scanning_engine
1 CVE
Web Security Suite
web_security_suite
1 CVE
Webprotect
webprotect
1 CVE
Damage Cleanup Services
damage_cleanup_services
1 CVE
Tmcomm.sys
tmcomm.sys
1 CVE
Trend Micro Antirootkit Common Module
trend_micro_antirootkit_common_module
1 CVE
Trend Micro Antispyware
trend_micro_antispyware
1 CVE
Vsapini.sys
vsapini.sys
1 CVE
Antispyware
antispyware
1 CVE
Scan Engine
scan_engine
1 CVE
Trend Micro Antivirus Plus Antispyware
trend_micro_antivirus_plus_antispyware
1 CVE
Trend Micro Internet Security Virus Bust
trend_micro_internet_security__virus_bust
1 CVE
Trend Micro Internet Security Pro
trend_micro_internet_security_pro
1 CVE
Worry Free Business Security
worry_free_business_security
1 CVE
Mobile Security
mobile_security
1 CVE
Deep Discovery Inspector
deep_discovery_inspector
1 CVE

CVEs (108)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2007-1591
1Trend Micro
1Trend Micro Antivirus
Apr 23, 2026
Mar 22, 2007
N/A· v4
N/A· v3
7.8 HIGH· v2
VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain fiel...Show more
VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain field that triggers a divide-by-zero error.Show less
CVE-2007-1169
1Trend Micro
1Serverprotect
Apr 23, 2026
Mar 2, 2007
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the...Show more
The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.Show less
CVE-2007-1168
1Trend Micro
1Serverprotect
Apr 23, 2026
Mar 2, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web...Show more
Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).Show less
CVE-2007-1070
1Trend Micro
1Serverprotect
Apr 23, 2026
Feb 21, 2007
N/A· v4
N/A· v3
10.0 HIGH· v2
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmR...Show more
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.Show less
CVE-2007-0325
1Trend Micro
2Client Server Messaging Security
Officescan Corporate Edition
Apr 23, 2026
Feb 20, 2007
N/A· v4
N/A· v3
9.3 HIGH· v2
Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / S...Show more
Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.Show less
CVE-2007-0856
1Trend Micro
8Client Server Messaging Security
Damage Cleanup ServicesPc Cillin Internet Security+5 more
Apr 23, 2026
Feb 8, 2007
N/A· v4
N/A· v3
7.2 HIGH· v2
TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2...Show more
TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.Show less
CVE-2007-0851
1Trend Micro
23Client Server Messaging Suite Smb
Client Server Suite SmbControl Manager+20 more
Apr 23, 2026
Feb 8, 2007
N/A· v4
N/A· v3
9.3 HIGH· v2
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via...Show more
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.Show less
CVE-2007-0602
1Trend Micro
1Viruswall
Apr 23, 2026
Jan 30, 2007
N/A· v4
N/A· v3
6.9 MEDIUM· v2
Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability...Show more
Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533.Show less
CVE-2006-6458
1Trend Micro
3Officescan
Pc Cillin Internet Security 2006Serverprotect
Apr 23, 2026
Dec 11, 2006
N/A· v4
N/A· v3
7.8 HIGH· v2
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to caus...Show more
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.Show less
CVE-2006-6179
1Trend Micro
1Officescan
Apr 23, 2026
Nov 30, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.
CVE-2006-6178
1Trend Micro
1Officescan
Apr 23, 2026
Nov 30, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.
CVE-2006-5212
1Trend Micro
1Officescan
Apr 23, 2026
Oct 10, 2006
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remot...Show more
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program.Show less
CVE-2006-5211
1Trend Micro
1Officescan Corporate Edition
Apr 23, 2026
Oct 10, 2006
N/A· v4
N/A· v3
6.4 MEDIUM· v2
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remot...Show more
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program.Show less
CVE-2006-5157
1Trend Micro
1Officescan
Apr 23, 2026
Oct 5, 2006
N/A· v4
N/A· v3
5.1 MEDIUM· v2
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in...Show more
Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search".Show less
CVE-2006-3261
1Trend Micro
1Control Manager
Apr 16, 2026
Jun 27, 2006
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized...Show more
Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log.Show less
CVE-2006-1381
1Trend Micro
1Officescan
Apr 16, 2026
Mar 24, 2006
N/A· v4
N/A· v3
10.0 HIGH· v2
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.
CVE-2006-1379
1Trend Micro
1Pc Cillin 2006
Apr 16, 2026
Mar 24, 2006
N/A· v4
N/A· v3
7.2 HIGH· v2
Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.ex...Show more
Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe.Show less
CVE-2006-0642
1Trend Micro
3Interscan Messaging Security Suite
Interscan Web Security SuiteServerprotect
Apr 16, 2026
Feb 10, 2006
N/A· v4
N/A· v3
5.1 MEDIUM· v2
Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 50...Show more
Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE.Show less
CVE-2005-1928
1Trend Micro
1Serverprotect Earthagent
Apr 16, 2026
Dec 14, 2005
N/A· v4
N/A· v3
7.8 HIGH· v2
Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to...Show more
Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak.Show less
CVE-2005-1929
1Trend Micro
1Serverprotect
Apr 16, 2026
Dec 14, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allo...Show more
Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.Show less