- Description
- Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trend_micro:trend_micro_antivirus_plus_antispyware:2008:bld_1450:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20BF6A4C-F9B3-416A-A6D9-89A17CF95E5E"
},
{
"criteria": "cpe:2.3:a:trend_micro:trend_micro_internet_security__virus_bust:2008:bld_1451:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "810E8007-9115-49BA-9EEF-31E5FA8A3083"
},
{
"criteria": "cpe:2.3:a:trend_micro:trend_micro_internet_security_pro:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC162A34-F6A4-4519-A29D-14C34FBFB15C"
}
],
"operator": "OR"
}
]
}
]