Trend Micro OfficeScan 8.0 URL Filtering Engine memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.4 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Trend Micro OfficeScan 8.0. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the component URL Filtering Engine. This manipulation causes memory corruption. This vulnerability is handled as CVE-2010-0564. There is not any exploit available. Upgrading the affected component is advised.
Details
A vulnerability has been found in Trend Micro OfficeScan 8.0 (Anti-Malware Software) and classified as critical. Affected by this vulnerability is an unknown function of the component URL Filtering Engine. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors. NOTE: it is likely that this issue also affects tmufeng.dll before 2.0.0.1049 for OfficeScan 10.0.
The weakness was released 02/04/2010 with Trend Micro (Website). The advisory is shared at trendmicro.com. This vulnerability is known as CVE-2010-0564 since 02/09/2010. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 02/01/2025).
It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $100k and more. The vulnerability scanner Nessus provides a plugin with the ID 900231 , which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 116869 (Trend Micro OfficeScan URL Filtering Engine Buffer Overflow Vulnerability).
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (56097), Tenable (900231), SecurityFocus (BID 38083†), OSVDB (62110†) and Secunia (SA38396†). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.trendmicro.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.4
VulDB Base Score: 7.3
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 900231
Nessus Risk: 🔍
OpenVAS ID: 900231
OpenVAS Name: Trend Micro OfficeScan URL Filtering Engine Buffer Overflow Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
01/22/2010 🔍01/22/2010 🔍
02/04/2010 🔍
02/04/2010 🔍
02/05/2010 🔍
02/09/2010 🔍
02/09/2010 🔍
02/19/2010 🔍
02/19/2010 🔍
03/16/2010 🔍
02/01/2025 🔍
Sources
Vendor: trendmicro.comAdvisory: trendmicro.com
Organization: Trend Micro
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2010-0564 (🔍)
GCVE (CVE): GCVE-0-2010-0564
GCVE (VulDB): GCVE-100-4081
X-Force: 56097 - Trend Micro OfficeScan TMUFE buffer overflow, High Risk
SecurityFocus: 38083 - Trend Micro URL Filtering Engine Buffer Overflow Vulnerability
Secunia: 38396 - Trend Micro OfficeScan URL Filtering Engine Buffer Overflow, Less Critical
OSVDB: 62110 - Trend Micro OfficeScan URL Filtering Engine Unspecified Overflow DoS
SecurityTracker: 1023553 - Trend Micro OfficeScan URL Filtering Buffer Overflow May Let Remote Users Execute Arbitrary Code
Vulnerability Center: 25084 - Trend Micro OfficeScan Remote DoS Vulnerability via the Trend Micro URL Filtering Engine, Medium
Vupen: ADV-2010-0295
Entry
Created: 02/19/2010 16:20Updated: 02/01/2025 20:08
Changes: 02/19/2010 16:20 (79), 02/22/2017 10:39 (11), 02/01/2025 20:08 (18)
Complete: 🔍
Cache ID: 216:E3F:103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.