A vulnerability has been reported in various Trend Micro products, which can be exploited by malicious, local users to gain escalated privileges.
Insufficient address space verification within the IOCTL handlers of the TmComm.sys device driver and insecure permissions on the \\.\TmComm DOS device interface can be exploited e.g. to access certain IOCTL handlers and overwrite arbitrary memory and execute code with kernel privileges.
The vulnerability reportedly affects the following products:
* Trend Micro PC-cillin Internet Security 2007
* Trend Micro Antivirus 2007
* Trend Micro Anti-Spyware for SMB 3.2 SP1
* Trend Micro Anti-Spyware for Consumer 3.5
* Trend Micro Anti-Spyware for Enterprise 3.0 SP2
* Client / Server / Messaging Security for SMB 3.5
* Damage Cleanup Services 3.2
Solution: Update the Anti-Rootkit Common Module (RCM) to version 1.600-1052.
Provided and/or discovered by: Discovered by Ruben Santamarta and reported via iDefense Labs.
Original Advisory: Trend Micro:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org