Vulnerability Description
The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Internet Security | 2008 |
Related Weaknesses (CWE)
References
- http://en.securitylab.ru/lab/PT-2009-09
- http://milw0rm.com/sploits/2009-trendmicro_local_expl_0day.zipExploit
- http://www.securityfocus.com/archive/1/502314/100/0/threaded
- http://www.securityfocus.com/bid/34304Exploit
- http://www.securitytracker.com/id?1021955
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49513
- https://www.exploit-db.com/exploits/8322
- http://en.securitylab.ru/lab/PT-2009-09
- http://milw0rm.com/sploits/2009-trendmicro_local_expl_0day.zipExploit
- http://www.securityfocus.com/archive/1/502314/100/0/threaded
- http://www.securityfocus.com/bid/34304Exploit
- http://www.securitytracker.com/id?1021955
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49513
- https://www.exploit-db.com/exploits/8322
FAQ
What is CVE-2009-0686?
CVE-2009-0686 is a vulnerability with a CVSS score of 7.2 (HIGH). The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in ...
How severe is CVE-2009-0686?
CVE-2009-0686 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0686?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Internet Security.