Trend Micro Maximum Security tmnciesc driver Untrusted Pointer Dereference Privilege Escalation Vulnerability

ID ZDI-16-529
Type zdi
Reporter Jaanus Kp Clarified Security
Modified 2016-06-22T00:00:00


This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x00222813 by the tmnciesc device driver. The issue lies in the failure to validate a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the kernel.