CVE-2007-4277

by Fred · 30/10/2007

The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \.Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.

Date published : 2007-10-30

http://www.securityfocus.com/bid/26209

http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793

CVE-2007-4277

Similar

Recent Posts

Categories

CVE-2007-4277

Share this:

Similar

Recent Posts

Categories

Tags