Vulnerability Description
TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trend Micro | Client-Server-Messaging Security | 3.5 |
| Trend Micro | Damage Cleanup Services | 3.2 |
| Trend Micro | Pc-Cillin Internet Security | 2007 |
| Trend Micro | Tmcomm.Sys | 1.5.1052 |
| Trend Micro | Trend Micro Antirootkit Common Module | All versions |
| Trend Micro | Trend Micro Antispyware | 3.0_sp2 |
| Trend Micro | Trend Micro Antivirus | 2007 |
| Trend Micro | Vsapini.Sys | 3.320.1003 |
References
- http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034432&id=EN-103Patch
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=469Vendor Advisory
- http://osvdb.org/33039
- http://secunia.com/advisories/24069PatchVendor Advisory
- http://securitytracker.com/id?1017604
- http://securitytracker.com/id?1017605
- http://securitytracker.com/id?1017606
- http://www.kb.cert.org/vuls/id/282240US Government Resource
- http://www.kb.cert.org/vuls/id/666800US Government Resource
- http://www.securityfocus.com/bid/22448
- http://www.vupen.com/english/advisories/2007/0521
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32353
- http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034432&id=EN-103Patch
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=469Vendor Advisory
- http://osvdb.org/33039
FAQ
What is CVE-2007-0856?
CVE-2007-0856 is a vulnerability with a CVSS score of 7.2 (HIGH). TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-...
How severe is CVE-2007-0856?
CVE-2007-0856 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0856?
Check the references section above for vendor advisories and patch information. Affected products include: Trend Micro Client-Server-Messaging Security, Trend Micro Damage Cleanup Services, Trend Micro Pc-Cillin Internet Security, Trend Micro Tmcomm.Sys, Trend Micro Trend Micro Antirootkit Common Module.