CVE-2007-4277 — MEDIUM (6.6)

Q: How severe is CVE-2007-4277?

CVE-2007-4277 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2007-4277?

Check the references section above for vendor advisories and patch information. Affected products include: Trend Micro Pc-Cillin Internet Security 2007, Trend Micro Scan Engine.

Vulnerability Description

The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.

CVSS Score

6.6

MEDIUM

AV:L/AC:L/Au:N/C:N/I:C/A:C

Confidentiality

NONE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Trend Micro	Pc-Cillin Internet Security 2007	All versions
Trend Micro	Scan Engine	<= 8.500

Related Weaknesses (CWE)

CWE-119 CWE-264

References

FAQ

What is CVE-2007-4277?

CVE-2007-4277 is a vulnerability with a CVSS score of 6.6 (MEDIUM). The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for...

How severe is CVE-2007-4277?

CVE-2007-4277 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4277?

Check the references section above for vendor advisories and patch information. Affected products include: Trend Micro Pc-Cillin Internet Security 2007, Trend Micro Scan Engine.