Vulnerability Description
The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Tmeext.Sys | <= 2.0.0.1014 |
Related Weaknesses (CWE)
References
- http://esupport.trendmicro.com/en-us/home/pages/technical-support/1106233.aspxVendor Advisory
- http://www.exploit-db.com/exploits/35962Exploit
- http://www.greyhathacker.net/?p=818Exploit
- http://www.osvdb.org/115514
- http://esupport.trendmicro.com/en-us/home/pages/technical-support/1106233.aspxVendor Advisory
- http://www.exploit-db.com/exploits/35962Exploit
- http://www.greyhathacker.net/?p=818Exploit
- http://www.osvdb.org/115514
FAQ
What is CVE-2014-9641?
CVE-2014-9641 is a vulnerability with a CVSS score of 7.2 (HIGH). The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileg...
How severe is CVE-2014-9641?
CVE-2014-9641 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9641?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Tmeext.Sys.