cbcvebase.
CVE-2008-3866
published 2009-01-21

CVE-2008-3866: The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1…

PriorityP417medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.40%
31.9th percentile
The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets.

Affected

2 ranges
VendorProductVersion rangeFixed in
trend_microinternet_security_2008
trend_microofficescan
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.