4 matches found
CVE-2007-4277
CVE-2007-4277 : Local privilege-escalation in Trend Micro’s AntiVirus engine (pre-8.550-1001) via insecure permissions on the DOS device \.\Tmfilter and an IOCTL handler (0xa0284403) that copies attacker-supplied data into a fixed-size buffer. Local users can send arbitrary content to the device,...
Trend Micro病毒扫描引擎Tmxpflt.sys多个本地安全漏洞
BUGTRAQ ID: 26209 CVECAN ID: CVE-2007-4277 Trend Micro病毒扫描引擎为桌面、服务器和网关提供杀毒功能。 Trend Micro病毒扫描引擎的驱动实现上存在多个安全漏洞,本地攻击者可能利用此漏洞提升权限。 Trend Micro的杀毒引擎中所捆绑的Tmxpflt.sys驱动中没有对\.\Tmfilter DOS设备接口设置安全的权限,允许Everyone写访问,因此任何本地登录的用户都可以访问仅有特权用户才可以访问的功能。 此外这个DOS设备接口的IOCTL...
iDefense Security Advisory 10.25.07: Trend Micro Tmxpflt.sys IOCTL 0xa0284403 Buffer Overflow Vulnerability
Trend Micro Tmxpflt.sys IOCTL 0xa0284403 Buffer Overflow Vulnerability iDefense Security Advisory 10.25.07 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 25, 2007 I. BACKGROUND The Trend Micro AntiVirus scan engine provides AntiVirus capabilities to desktop, server, and gateway system...
Trend Micro Scan Engine Tmxpflt.sys Buffer Overflow
The version of Trend Micro AntiVirus installed on the remote Windows host contains a buffer overflow in its 'Tmxpflt.sys' kernel driver. A local attacker may be able to leverage this issue to execute arbitrary code on the affected system in kernel context. C Tenable Network Security, Inc...