Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2007-0856
HistoryFeb 08, 2007 - 6:28 p.m.

CVE-2007-0856

2007-02-0818:28:00
[email protected]
web.nvd.nist.gov
10

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

25.7%

JSON

TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.

Affected configurations

Nvd
Node
trend_microclient-server-messaging_securityMatch3.5smb
OR
trend_microdamage_cleanup_servicesMatch3.2
OR
trend_micropc-cillin_internet_securityMatch2007
OR
trend_microtmcomm.sysMatch1.5.1052
OR
trend_microtrend_micro_antirootkit_common_module
OR
trend_microtrend_micro_antispywareMatch3.0_sp2enterprise
OR
trend_microtrend_micro_antispywareMatch3.2_sp1smb
OR
trend_microtrend_micro_antispywareMatch3.5consumer
OR
trend_microtrend_micro_antivirusMatch2007
OR
trend_microvsapini.sysMatch3.320.1003
VendorProductVersionCPE
trend_microclient-server-messaging_security3.5cpe:2.3:a:trend_micro:client-server-messaging_security:3.5:*:smb:*:*:*:*:*
trend_microdamage_cleanup_services3.2cpe:2.3:a:trend_micro:damage_cleanup_services:3.2:*:*:*:*:*:*:*
trend_micropc-cillin_internet_security2007cpe:2.3:a:trend_micro:pc-cillin_internet_security:2007:*:*:*:*:*:*:*
trend_microtmcomm.sys1.5.1052cpe:2.3:a:trend_micro:tmcomm.sys:1.5.1052:*:*:*:*:*:*:*
trend_microtrend_micro_antirootkit_common_module*cpe:2.3:a:trend_micro:trend_micro_antirootkit_common_module:*:*:*:*:*:*:*:*
trend_microtrend_micro_antispyware3.0_sp2cpe:2.3:a:trend_micro:trend_micro_antispyware:3.0_sp2:*:enterprise:*:*:*:*:*
trend_microtrend_micro_antispyware3.2_sp1cpe:2.3:a:trend_micro:trend_micro_antispyware:3.2_sp1:*:smb:*:*:*:*:*
trend_microtrend_micro_antispyware3.5cpe:2.3:a:trend_micro:trend_micro_antispyware:3.5:*:consumer:*:*:*:*:*
trend_microtrend_micro_antivirus2007cpe:2.3:a:trend_micro:trend_micro_antivirus:2007:*:*:*:*:*:*:*
trend_microvsapini.sys3.320.1003cpe:2.3:a:trend_micro:vsapini.sys:3.320.1003:*:*:*:*:*:*:*

Related

cvelist 1
prion 1
cert 2
nessus 1
cve 1
securityvulns 1
cvelist
cvelist
CVE-2007-0856
2007-02-08 18:00:00
prion
prion
Code injection
2007-02-08 18:28:00
cert
cert
Trend Micro Anti-Rootkit Common Module fails to properly restrict access to the "\\.\TmComm" DOS device interface
2007-02-09 00:00:00
Trend Micro Anti-Rootkit Common Module fails to properly validate input
2007-02-09 00:00:00
nessus
nessus
Trend Micro Multiple Products TmComm.sys IOCTL Handler Local Privilege Escalation
2007-02-21 00:00:00
cve
cve
CVE-2007-0856
2007-02-08 18:28:00
securityvulns
securityvulns
Trend Micro Antivirus multiple security vulnerabilities
2007-02-11 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

25.7%

JSON
Related for NVD:CVE-2007-0856
cvelist1prion1cert2nessus1cve1securityvulns1