The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability announce 22992

Trend Micro Internet Security: privilege escalation via ioctl

Synthesis of the vulnerability

An attacker can use an ioctl call to Trend Micro Internet Security, in order to write to the kernel memory or trigger a denial of service.
Impacted products: TrendMicro Internet Security.
Severity: 2/4.
Creation date: 19/06/2017.
Identifiers: 1117509, VIGILANCE-VUL-22992, ZDI-17-395, ZDI-17-396.

Description of the vulnerability

The Trend Micro Internet Security includes a kernel driver.

However, the ioctl system call implementation does not rightly check its arguments.

An attacker can use an ioctl call to Trend Micro Internet Security, in order to write to the kernel memory or trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a system vulnerability database. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.