CVE-2007-4277 in Scan Engine
Sumário (Inglês)
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Reservar
09/08/2007
Divulgação
30/10/2007
Estado
Confirmado
Inscrições
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidade | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 3415 | Trend Micro Scan Engine Tmxpflt.sys Excesso de tampão | 119 | Prova de conceito | Correção oficial | CVE-2007-4277 |
Descrição
CPE
CWE
CVSS
Explorações
História
Diferença
Relacionar
Inteligência de ameaças
API JSON
API XML
API CSV