Trend Micro PC-Cillin Internet Security 2007 IOCTL TmComm.sys privilege escalation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as problematic has been found in Trend Micro PC-Cillin Internet Security 2007. This issue affects some unknown processing of the file TmComm.sys of the component IOCTL Handler. Executing a manipulation can lead to Remote Privilege Escalation. This vulnerability appears as CVE-2007-0856. The attacker needs to be present on the local network. In addition, an exploit is available. The affected component should be upgraded.
Details
A vulnerability classified as critical was found in Trend Micro PC-Cillin Internet Security 2007. This vulnerability affects an unknown part of the file TmComm.sys of the component IOCTL Handler. The manipulation with an unknown input leads to a remote privilege escalation vulnerability. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.
The weakness was presented 02/08/2007 by Ruben Santamarta with iDefense Labs (Website). The advisory is shared for download at labs.idefense.com. This vulnerability was named CVE-2007-0856 since 02/08/2007. The attack needs to be done within the local network. Technical details and also a private exploit are known.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 24682 (Trend Micro Multiple Products TmComm.sys IOCTL Handler Local Privilege Escalation), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows and running in the context l.
Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at esupport.trendmicro.com. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at X-Force (32353), Tenable (24682), SecurityFocus (BID 22448†), OSVDB (33039†) and Secunia (SA24069†). Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.trendmicro.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.0VulDB Meta Temp Score: 7.0
VulDB Base Score: 8.0
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Privilege escalationCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Access: Private
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 24682
Nessus Name: Trend Micro Multiple Products TmComm.sys IOCTL Handler Local Privilege Escalation
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Patch: esupport.trendmicro.com
Timeline
02/07/2007 🔍02/07/2007 🔍
02/07/2007 🔍
02/08/2007 🔍
02/08/2007 🔍
02/08/2007 🔍
02/08/2007 🔍
02/08/2007 🔍
02/12/2007 🔍
02/21/2007 🔍
02/26/2007 🔍
11/25/2024 🔍
Sources
Vendor: trendmicro.comAdvisory: labs.idefense.com⛔
Researcher: Ruben Santamarta
Organization: iDefense Labs
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2007-0856 (🔍)
GCVE (CVE): GCVE-0-2007-0856
GCVE (VulDB): GCVE-100-2908
CERT: 🔍
X-Force: 32353 - Multiple Trend Micro products TmComm.sys privilege escalation, High Risk
SecurityFocus: 22448 - Trend Micro AntiVirus Scan Engine TMComm Local Privilege Escalation Vulnerability
Secunia: 24069 - Trend Micro Products IOCTL Handler Privilege Escalation, Less Critical
OSVDB: 33039 - Trend Micro Multiple Products TmComm.sys IOCTL Handler Local Privilege Escalation
SecurityTracker: 1017606 - Trend Micro Anti-Spyware Unsafe 'TmComm.sys' Driver Permissions Let Local Users Gain Elevated Privileges
Vulnerability Center: 14391 - Trend Micro Multiple Products Privilege Escalation in VsapiNI.sys Antivirus Scan Engine, Medium
Vupen: ADV-2007-0521
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 02/12/2007 15:44Updated: 11/25/2024 21:08
Changes: 02/12/2007 15:44 (84), 06/07/2017 14:55 (8), 03/15/2021 08:57 (3), 11/25/2024 21:08 (17)
Complete: 🔍
Cache ID: 216:09C:103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.