In association with heise online

26 October 2007, 10:20

Trend Micro's anti-virus products vulnerable to privilege escalation


Security service provider iDefense has released a security advisory about a vulnerability in Trend Micro products for corporate and individual users. A driver installed by the anti-virus products contains a flaw which allows local users to execute arbitrary code at SYSTEM privilege level.

The Tmxpflt.sys driver provides access to the \\.\Tmfilter DOS device interface. However, the permissions on this device grant write access to Everyone. A driver function that can be called through this interface does not validate the length of a user-supplied parameter before copying it into a fixed-size buffer. The resulting buffer overflow allows arbitrary code to be executed in the kernel context.
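The class of flaw described above, next to the length checks that prevent it, as an added example in portable user-mode C; it is not Trend Micro's driver code and not taken from the advisory. The request layout, buffer size, status codes and function names are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PARAM_BUF_SIZE 64u  /* assumed size; the advisory does not give one */

enum { ST_OK = 0, ST_INVALID_PARAMETER = -1, ST_BUFFER_OVERFLOW = -2 };

/* Hypothetical request layout: a caller-supplied length, then the data. */
struct request {
    uint32_t param_len;
    uint8_t  param[];
};

/* Flawed pattern from the description: param_len is trusted as-is, so a
 * value above PARAM_BUF_SIZE writes past the end of dst. */
int handle_unchecked(const struct request *req, uint8_t dst[PARAM_BUF_SIZE])
{
    memcpy(dst, req->param, req->param_len);
    return ST_OK;
}

/* Hardened form: in_len is the number of bytes the caller really passed. */
int handle_checked(const void *in, size_t in_len, uint8_t dst[PARAM_BUF_SIZE])
{
    const struct request *req = in;

    if (in == NULL || in_len < sizeof(*req))
        return ST_INVALID_PARAMETER;      /* header itself is truncated */
    if (req->param_len > in_len - sizeof(*req))
        return ST_INVALID_PARAMETER;      /* claims more data than was sent */
    if (req->param_len > PARAM_BUF_SIZE)
        return ST_BUFFER_OVERFLOW;        /* would not fit the fixed buffer */

    memcpy(dst, req->param, req->param_len);
    return ST_OK;
}

/* Constructed sample input: builds a request in caller-provided storage. */
size_t make_request(void *storage, uint32_t claimed_len, size_t data_len)
{
    struct request *req = storage;
    req->param_len = claimed_len;
    memset(req->param, 'A', data_len);
    return sizeof(*req) + data_len;
}
```

The hardened handler checks the claimed length twice: once against the bytes actually received, and once against the destination buffer. Restricting who can open the device is a separate control and does not replace either check.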

The flawed driver versions 8.320.1004 and 8.500.1002 are used, for example, in PC-Cillin Internet Security 2007, Client Server Messaging Security for SMB 3.6, Client Server Security for SMB 3.6, OfficeScan 7 and 8 and in ServerProtect for Microsoft Windows as well as Novell NetWare 5.58. To resolve this vulnerability and several software compatibility issues, Trend Micro plans to release Scan Engine 8.550-1001 on its ActiveUpdate servers on October 30th.
