CVE

Id
27634  
CVE No.
CVE-2007-4277  
Status
Candidate  
Description
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \.Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.  
Phase
Assigned (20070809)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
284424 27634 CVE-2007-4277 IDEFENSE:20071025 Trend Micro Tmxpflt.sys IOCTL 0xa0284403 Buffer Overflow Vulnerability  View
284425 27634 CVE-2007-4277 URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=609  View
284426 27634 CVE-2007-4277 CONFIRM:http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793  View
284427 27634 CVE-2007-4277 CONFIRM:http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036190  View
284428 27634 CVE-2007-4277 BID:26209  View
284429 27634 CVE-2007-4277 URL:http://www.securityfocus.com/bid/26209  View
284430 27634 CVE-2007-4277 VUPEN:ADV-2007-3627  View
284431 27634 CVE-2007-4277 URL:http://www.vupen.com/english/advisories/2007/3627  View
284432 27634 CVE-2007-4277 SECTRACK:1018863  View
284433 27634 CVE-2007-4277 URL:http://securitytracker.com/id?1018863  View
284434 27634 CVE-2007-4277 SECUNIA:27378  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
53798 JVNDB-2007-002490 FrontAccounting の config.php における PHP リモートファイルインクルージョンの脆弱性 FrontAccounting の config.php には、PHP リモートファイルインクルージョンの脆弱性が存在します。 CVE-2007-4279 27634 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002490.html  View