Local Privilege Escalation in Trend Micro PC-cillin Internet Security
CVE-2006-1379

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Pc-cillin 2006
Vendor: CVE Published:; 24 March 2006

Summary

Trend Micro PC-cillin Internet Security versions 14.00.1485 and 14.10.0.1023 are affected by a vulnerability due to insecure DACLs (Discretionary Access Control Lists) on critical executable files like tmntsrv.exe and tmproxy.exe. This security flaw allows local users to modify these executable programs, potentially granting them SYSTEM privileges, which could lead to a complete takeover of the affected system.

References

http://www.secumind.net/content/french/modules/news/artic...

x_refsource_MISC

http://secunia.com/advisories/19282

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/1042

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Mar 24, 2006
Vulnerability Reserved
Mar 24, 2006