Buffer Overflow Vulnerability in Trend Micro AntiVirus Scan Engine
CVE-2007-4277

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Pc-cillin Internet Security 2007; Scan Engine
Vendor: CVE Published:; 30 October 2007

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2007-4277?

The Trend Micro AntiVirus scan engine prior to version 8.550-1001 has weak permissions for the \.\Tmfilter device, allowing local users to exploit the IOCTL functionality. This can lead to arbitrary content being sent to the device. The vulnerability can be leveraged for privilege escalation by exploiting a buffer overflow vulnerability in the handler for IOCTL 0xa0284403, which could allow unauthorized actions within the system.

References

http://secunia.com/advisories/27378

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/26209

vdb-entryx_refsource_BID

http://esupport.trendmicro.com/support/viewxml.do?Content...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2007
Vulnerability Reserved
Aug 9, 2007