PCWorks: Trend Micro Products vulnerability IOCTL Handler Privilege Escalation

Thread: PCWorks: Trend Micro Products vulnerability IOCTL Handler Privilege Escalation

Search this list only Search all lists
PCWorks: Trend Micro Products vulnerability IOCTL Handler Privilege Escalation
United States	2007-02-08 06:03:18
TITLE: Trend Micro Products IOCTL Handler Privilege Escalation SECUNIA ADVISORY ID: SA24069 VERIFY ADVISORY: http://secunia.c om/advisories/24069/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Trend Micro PC-cillin Internet Security 2007 http://secunia.com/ product/13436/ Trend Micro Client Server Messaging Security for SMB 3.x http://secunia.com/ product/13440/ Trend Micro Damage Cleanup Services 3.x http://secunia.com/ product/13441/ Trend Micro Anti-Spyware 3.x http://secunia.com/ product/13439/ Trend Micro Anti-Spyware for Enterprise 3.x http://secunia.com/ product/13438/ Trend Micro Anti-Spyware for SMB 3.x http://secunia.com/ product/13437/ DESCRIPTION: A vulnerability has been reported in various Trend Micro products, which can be exploited by malicious, local users to gain escalated privileges. Insufficient address space verification within the IOCTL handlers of the TmComm.sys device driver and insecure permissions on the \.TmComm DOS device interface can be exploited e.g. to access certain IOCTL handlers and overwrite arbitrary memory and execute code with kernel privileges. The vulnerability reportedly affects the following products: * Trend Micro PC-cillin Internet Security 2007 * Trend Micro Antivirus 2007 * Trend Micro Anti-Spyware for SMB 3.2 SP1 * Trend Micro Anti-Spyware for Consumer 3.5 * Trend Micro Anti-Spyware for Enterprise 3.0 SP2 * Client / Server / Messaging Security for SMB 3.5 * Damage Cleanup Services 3.2 SOLUTION: Update the Anti-Rootkit Common Module (RCM) to version 1.600-1052. ORIGINAL ADVISORY: Trend Micro: http://esupport.trendmic ro.com/support/viewxml.do?ContentID=EN-1034432&id=EN-103 4432 iDefense Labs: http://labs.idefense.com/intelligence/vu lnerabilities/display.php?id=469 ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/r ules.htm Contact list owner <owner-pcworksimagicomm.com> Unsubscribing and other changes: http://pcworkers.com =====================================================

[1]

about | contact Other archives ( Real Estate discussion Medical topics )