The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Trend Micro AntiVirus scan engine: buffer overflow in Tmxpflt.sys

Synthesis of the vulnerability

A local attacker can run code on the system by exploiting a buffer overflow in the Trend Micro AntiVirus scan engine.
Severity of this announcement: 2/4.
Creation date: 26/10/2007.
References of this computer vulnerability: 1036190, CERTA-2007-AVI-456, CVE-2007-4277, VIGILANCE-VUL-7285.

Description of the vulnerability

Trend Micro products use a virus detection system named Trend Micro AntiVirus scan engine. This engine uses a filter defined by the Tmfilter.sys module under Windows.

Permissions on this module grant write access to all users, and the data passed as parameters to IOCTL 0xa0284403 is not validated. A local attacker can thus exploit this module to trigger a buffer overflow in the Trend Micro AntiVirus scan engine.

A local attacker can thus run code on the system with SYSTEM rights on the machine.

This computer threat note impacts software or systems such as TrendMicro Internet Security, InterScan Messaging Security Suite, InterScan Web Security Suite, ScanMail, TrendMicro ServerProtect.

Our Vigil@nce team determined that the severity of this weakness alert is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with expert ability can exploit this computer weakness.

Solutions for this threat

Trend Micro AntiVirus scan engine: version 8.550-1001.
Version 8.550-1001 is corrected:
  http://www.trendmicro.com/download/