This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Trend Micro First view 2007-10-30
Product Scan Engine Last view 2007-10-30
Version 8.500 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:trend_micro:scan_engine

Activity : Overall

Related : CVE

  Date Alert Description
6.6 2007-10-30 CVE-2007-4277

The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-264 Permissions, Privileges, and Access Controls
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
39755 Trend Micro Multiple Products AntiVirus Scan Engine Tmxpflt.sys Tmfilter Filt...

Nessus® Vulnerability Scanner

id Description
2007-10-26 Name: The remote Windows host contains a program that is affected by a local buffer...
File: trendmicro_tmxpflt_overflow.nasl - Type: ACT_GATHER_INFO