cpe:/a:trend_micro:pc-cillin_internet_security_2007 cpe:/a:trend_micro:scan_engine:8.500 CVE-2007-4277 2007-10-30T18:46:00.000-04:00 2011-03-07T21:58:05.703-05:00 6.6 LOCAL LOW NONE NONE COMPLETE COMPLETE http://nvd.nist.gov 2007-10-31T23:00:00.000-04:00 SECTRACK 1018863 IDEFENSE 20071025 Trend Micro Tmxpflt.sys IOCTL 0xa0284403 Buffer Overflow Vulnerability BID 26209 SECUNIA 27378 VUPEN ADV-2007-3627 CONFIRM http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793 CONFIRM http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036190 The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.