vulnerability CVE-2007-4277

Trend Micro AntiVirus scan engine: buffer overflow in Tmxpflt.sys

Synthesis of the vulnerability

A local attacker can run code on the system by exploiting a buffer overflow of Trend Micro AntiVirus scan engine.
Impacted products: Trend Micro Internet Security, InterScan Messaging Security Suite, InterScan Web Security Suite, ScanMail, Trend Micro ServerProtect.
Severity: 2/4.
Creation date: 26/10/2007.
Identifiers: 1036190, CERTA-2007-AVI-456, CVE-2007-4277, VIGILANCE-VUL-7285.

Description of the vulnerability

Trend Micro products use a virus detection system named Trend Micro AntiVirus scan engine. This engine use filter defined by the Tmfilter.sys module under Windows.

Permissions on this module give writing rights for all users, and no control on data passed in parameter in the IOCTL 0xa0284403 are done. A local attacker can thus exploit this module in order to create a buffer overflow in Trend Micro AntiVirus scan engine.

A local attacker can thus run code on the system with SYSTEM rights on the machine.
Complete Vigil@nce bulletin.... (free access)

Share this bulletin

          

Computer vulnerabilities tracking service

Vigil@nce provides a system vulnerability workaround. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.