CVE-2007-4277 - CERT CVE
ID CVE-2007-4277
Sažetak The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.
Reference
CVSS
Base: 6.6
Impact: 9.2
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
LOCAL LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE COMPLETE COMPLETE
CVSS vektor AV:L/AC:L/Au:N/C:N/I:C/A:C
Zadnje važnije ažuriranje 08-03-2011 - 02:58
Objavljeno 30-10-2007 - 22:46