CVE-2007-0856
First published: Thu Feb 08 2007(Updated: )
TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro Trend Micro Antispyware | =3.2_sp1 | |
| Trend Micro Damage Cleanup Services | =3.2 | |
| Trend Micro Trend Micro Antispyware | =3.0_sp2 | |
| Trend Micro Tmcomm.sys | =1.5.1052 | |
| Trend Micro Trend Micro Antirootkit Common Module | ||
| Trend Micro PC-cillin Internet Security | =2007 | |
| Trend Micro Client-server-messaging Security | =3.5 | |
| Trend Micro Vsapini.sys | =3.320.1003 | |
| Trend Micro Trend Micro Antivirus | =2007 | |
| Trend Micro Trend Micro Antispyware | =3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=469
- http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034432&id=EN-1034432
- http://www.securityfocus.com/bid/22448
- http://securitytracker.com/id?1017604
- http://securitytracker.com/id?1017605
- http://securitytracker.com/id?1017606
- http://secunia.com/advisories/24069
- http://www.kb.cert.org/vuls/id/282240
- http://www.kb.cert.org/vuls/id/666800
- http://osvdb.org/33039
- http://www.vupen.com/english/advisories/2007/0521
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32353
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/description
- agent/event
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/trend micro
- canonical/trend micro trend micro antispyware
- version/trend micro trend micro antispyware/3.2_sp1
- canonical/trend micro damage cleanup services
- version/trend micro damage cleanup services/3.2
- version/trend micro trend micro antispyware/3.0_sp2
- canonical/trend micro tmcomm.sys
- version/trend micro tmcomm.sys/1.5.1052
- canonical/trend micro trend micro antirootkit common module
- canonical/trend micro pc-cillin internet security
- version/trend micro pc-cillin internet security/2007
- canonical/trend micro client-server-messaging security
- version/trend micro client-server-messaging security/3.5
- canonical/trend micro vsapini.sys
- version/trend micro vsapini.sys/3.320.1003
- canonical/trend micro trend micro antivirus
- version/trend micro trend micro antivirus/2007
- version/trend micro trend micro antispyware/3.5