Trend Micro AntiVirus Scan Engine TMComm Local Privilege Escalation Vulnerability
BID:22448
Info
Trend Micro AntiVirus Scan Engine TMComm Local Privilege Escalation Vulnerability
| Bugtraq ID: | 22448 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0856 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 07 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Ruben Santamarta of reversemode.com is credited with the discovery of this vulnerability. |
| Vulnerable: |
Trend Micro VsapiNI.sys (scan engine) 3.320 .1003 Trend Micro TmComm.sys 1.5 .1052 Trend Micro PC-Cillin Internet Security 2007 Trend Micro Damage Cleanup Services 3.2 Trend Micro Client Server Messaging Security for SMB 3.5 Trend Micro Antivirus 2007 Trend Micro Anti-Spyware for SMB 3.2 SP1 Trend Micro Anti-Spyware for Enterprise 3.0 SP2 Trend Micro Anti-Spyware for Consumer 3.5 Trend Micro Anti-Rootkit Common Module (RCM) 0 |
| Not Vulnerable: | |
Discussion
Trend Micro AntiVirus Scan Engine TMComm Local Privilege Escalation Vulnerability
Trend Micro's 'VsapiNI.sys' antivirus scan engine is prone to a local privilege-escalation vulnerability.
An attacker can exploit this issue to obtain SYSTEM privileges. A successful attack can result in the complete compromise of the affected computer.
The following software is vulnerable; other software and versions using the scan engine may also be affected:
Trend Micro's PC-Cillin Internet Security 2007
TmComm.sys version 1.5.0.1052
VsapiNI.sys (scan engine) version 3.320.0.100
Trend Micro Antivirus 2007
Trend Micro Anti-Spyware for SMB 3.2 SP1
Trend Micro Anti-Spyware for Consumer 3.5
Trend Micro Anti-Spyware for Enterprise 3.0 SP2
Client / Server / Messaging Security for SMB 3.5
Damage Cleanup Services 3.2
Anti-Rootkit Common Module (RCM)
Trend Micro's 'VsapiNI.sys' antivirus scan engine is prone to a local privilege-escalation vulnerability.
An attacker can exploit this issue to obtain SYSTEM privileges. A successful attack can result in the complete compromise of the affected computer.
The following software is vulnerable; other software and versions using the scan engine may also be affected:
Trend Micro's PC-Cillin Internet Security 2007
TmComm.sys version 1.5.0.1052
VsapiNI.sys (scan engine) version 3.320.0.100
Trend Micro Antivirus 2007
Trend Micro Anti-Spyware for SMB 3.2 SP1
Trend Micro Anti-Spyware for Consumer 3.5
Trend Micro Anti-Spyware for Enterprise 3.0 SP2
Client / Server / Messaging Security for SMB 3.5
Damage Cleanup Services 3.2
Anti-Rootkit Common Module (RCM)
Exploit / POC
Trend Micro AntiVirus Scan Engine TMComm Local Privilege Escalation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Trend Micro AntiVirus Scan Engine TMComm Local Privilege Escalation Vulnerability
Solution:
The vendor has released fixes to address this issue. Please see the referenced advisory for more information.
Solution:
The vendor has released fixes to address this issue. Please see the referenced advisory for more information.
References
Trend Micro AntiVirus Scan Engine TMComm Local Privilege Escalation Vulnerability
References:
References:
- Trend Micro Homepage (Trend Micro)
- [Reversemode Advisory] TrendMicro Products - multiple privilege escalation (Reversemode)
- Trend Micro TmComm Local Privilege (iDefense Labs)
- [Vulnerability Confirmation] TmComm Local Privilege Escalation Vulnerability (Trend Micro)
- Trend Micro Anti-Rootkit Common Module fails to properly restrict access to the (US-CERT)
- Trend Micro Anti-Rootkit Common Module fails to properly validate input (US-CERT)
- Trend Micro TmComm Local Privilege Escalation Vulnerability (iDefense Labs)