NVD

Id
56405  
Name
CVE-2007-4277  
Description
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \.Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.  
Reject
 
CVSS Version
2  
CVSS Score
6.6  
Severity
Medium  
CVSS Base Score
6.6  
CVSS Impact Subscore
9.2  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:N/I:C/A:C)  
Pub Date
2017-01-07  
Published
2007-10-30  
Modified Date
2011-03-07  
Seq
2007-4277  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
287300 56405 CVE-2007-4277 http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793  View
287301 56405 CVE-2007-4277 http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036190  View
287302 56405 CVE-2007-4277 20071025 Trend Micro Tmxpflt.sys IOCTL 0xa0284403 Buffer Overflow Vulnerability  View
287303 56405 CVE-2007-4277 1018863  View
287304 56405 CVE-2007-4277 26209  View
287305 56405 CVE-2007-4277 ADV-2007-3627  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
57257 JVNDB-2007-005949 Trend Micro PC-Cillin Internet Security 2007 などで使用されている Trend Micro AntiVirus スキャンエンジンにおけるバッファオーバーフローの脆弱性 Trend Micro PC-Cillin Internet Security 2007 および Tmxpflt.sys で使用されている Trend Micro AntiVirus スキャンエンジンは、\.Tmfilter デバイスに対する脆弱なパーミッション (エブリワン : Write) があるため、バッファオーバーフローの脆弱性が存在します。 CVE-2007-4277 27632 CVE-2007-4277 56405 6.6 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005949.html 2007-10-30 2012-12-20 View