|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA24069] Trend Micro Products IOCTL Handler Privilege Escalation
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Feb 08 2007 - 04:47:04 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Secunia is proud to announce the availability of the Secunia Software
Inspector.
The Secunia Software Inspector is a free service that detects insecure
versions of software that you may have installed in your system. When
insecure versions are detected, the Secunia Software Inspector also
provides thorough guidelines for updating the software to the latest
secure version from the vendor.
Try it out online:
http://secunia.com/software_inspector/
----------------------------------------------------------------------
TITLE:
Trend Micro Products IOCTL Handler Privilege Escalation
SECUNIA ADVISORY ID:
SA24069
VERIFY ADVISORY:
http://secunia.com/advisories/24069/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
Trend Micro PC-cillin Internet Security 2007
http://secunia.com/product/13436/
Trend Micro Client Server Messaging Security for SMB 3.x
http://secunia.com/product/13440/
Trend Micro Damage Cleanup Services 3.x
http://secunia.com/product/13441/
Trend Micro Anti-Spyware 3.x
http://secunia.com/product/13439/
Trend Micro Anti-Spyware for Enterprise 3.x
http://secunia.com/product/13438/
Trend Micro Anti-Spyware for SMB 3.x
http://secunia.com/product/13437/
DESCRIPTION:
A vulnerability has been reported in various Trend Micro products,
which can be exploited by malicious, local users to gain escalated
privileges.
Insufficient address space verification within the IOCTL handlers of
the TmComm.sys device driver and insecure permissions on the
\\.\TmComm DOS device interface can be exploited e.g. to access
certain IOCTL handlers and overwrite arbitrary memory and execute
code with kernel privileges.
The vulnerability reportedly affects the following products:
* Trend Micro PC-cillin Internet Security 2007
* Trend Micro Antivirus 2007
* Trend Micro Anti-Spyware for SMB 3.2 SP1
* Trend Micro Anti-Spyware for Consumer 3.5
* Trend Micro Anti-Spyware for Enterprise 3.0 SP2
* Client / Server / Messaging Security for SMB 3.5
* Damage Cleanup Services 3.2
SOLUTION:
Update the Anti-Rootkit Common Module (RCM) to version 1.600-1052.
PROVIDED AND/OR DISCOVERED BY:
Discovered by Ruben Santamarta and reported via iDefense Labs.
ORIGINAL ADVISORY:
Trend Micro:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034432&id=EN-1034432
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=469
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]