|
|
CVE Reference: CVE-2007-0856 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-0856 |
|
|
Description: TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/32353 ST 1017604 1017605 1017606 SAID Secunia Advisory: SA24069 OSVDB 33039 IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=469 CONFIRM http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034432&id=EN-1034432 CERT-VN 666800 282240 BID 22448 |
|
| Return to the previous page. |
