// For flags

CVE-2007-0856

 

Severity Score

7.2
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.

TmComm.sys 1.5.0.1052 en el Trend Micro Anti-Rootkit Common Module (RCM), con el motor de búsqueda VsapiNI.sys 3.320.0.1003, como se usa en Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware para SMB 3.2 SP1, Anti-Spyware para Consumer 3.5, Anti-Spyware para Enterprise 3.0 SP2, Client / Server / Messaging Security para SMB 3.5, Damage Cleanup Services 3.2, y posiblemente otros productos, asigna permisos de escritura para TODOS para la interfaz de dispositivo DOS \\.\TmComm, que permite a usuarios locales acceder a IOCTLs privilegiadas y ejecutar código de su elección o sobre-escribir memoria de su elección en el contexto Kernel.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-02-08 CVE Reserved
  • 2007-02-08 CVE Published
  • 2024-07-03 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Trend Micro
Search vendor "Trend Micro"
Client-server-messaging Security
Search vendor "Trend Micro" for product "Client-server-messaging Security"
3.5
Search vendor "Trend Micro" for product "Client-server-messaging Security" and version "3.5"
smb
Affected
Trend Micro
Search vendor "Trend Micro"
Damage Cleanup Services
Search vendor "Trend Micro" for product "Damage Cleanup Services"
3.2
Search vendor "Trend Micro" for product "Damage Cleanup Services" and version "3.2"
-
Affected
Trend Micro
Search vendor "Trend Micro"
Pc-cillin Internet Security
Search vendor "Trend Micro" for product "Pc-cillin Internet Security"
2007
Search vendor "Trend Micro" for product "Pc-cillin Internet Security" and version "2007"
-
Affected
Trend Micro
Search vendor "Trend Micro"
Tmcomm.sys
Search vendor "Trend Micro" for product "Tmcomm.sys"
1.5.1052
Search vendor "Trend Micro" for product "Tmcomm.sys" and version "1.5.1052"
-
Affected
Trend Micro
Search vendor "Trend Micro"
Trend Micro Antirootkit Common Module
Search vendor "Trend Micro" for product "Trend Micro Antirootkit Common Module"
*-
Affected
Trend Micro
Search vendor "Trend Micro"
Trend Micro Antispyware
Search vendor "Trend Micro" for product "Trend Micro Antispyware"
3.0_sp2
Search vendor "Trend Micro" for product "Trend Micro Antispyware" and version "3.0_sp2"
enterprise
Affected
Trend Micro
Search vendor "Trend Micro"
Trend Micro Antispyware
Search vendor "Trend Micro" for product "Trend Micro Antispyware"
3.2_sp1
Search vendor "Trend Micro" for product "Trend Micro Antispyware" and version "3.2_sp1"
smb
Affected
Trend Micro
Search vendor "Trend Micro"
Trend Micro Antispyware
Search vendor "Trend Micro" for product "Trend Micro Antispyware"
3.5
Search vendor "Trend Micro" for product "Trend Micro Antispyware" and version "3.5"
consumer
Affected
Trend Micro
Search vendor "Trend Micro"
Trend Micro Antivirus
Search vendor "Trend Micro" for product "Trend Micro Antivirus"
2007
Search vendor "Trend Micro" for product "Trend Micro Antivirus" and version "2007"
-
Affected
Trend Micro
Search vendor "Trend Micro"
Vsapini.sys
Search vendor "Trend Micro" for product "Vsapini.sys"
3.320.1003
Search vendor "Trend Micro" for product "Vsapini.sys" and version "3.320.1003"
-
Affected