Vulnerabilities > CVE-2009-0686 - Resource Management Errors vulnerability in Trendmicro Internet Security 2008/2009
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Trend Micro Internet Security Pro 2009 Priviliege Escalation PoC. CVE-2009-0686. Local exploit for windows platform |
| file | exploits/windows/local/8322.txt |
| id | EDB-ID:8322 |
| last seen | 2016-02-01 |
| modified | 2009-03-30 |
| platform | windows |
| port | |
| published | 2009-03-30 |
| reporter | b1@ckeYe |
| source | https://www.exploit-db.com/download/8322/ |
| title | Trend Micro Internet Security Pro 2009 - Priviliege Escalation PoC |
| type | local |
Seebug
| bulletinFamily | exploit |
| description | UGTRAQ ID: 34304 CVE(CAN) ID: CVE-2009-0686 趋势科技的Internet Security是一套可适合保护家庭用户多台计算机的网络安全产品。 Internet Security的tmactmon.sys驱动的IOCTL处理器对IOCTL调用使用了METHOD_NEITHER通讯方式,但没有正确地验证Irp对象相关的缓冲区数据,这允许本地用户获得SYSTEM权限。 Trend Micro Internet Security Pro 2009 Trend Micro Internet Security Pro 2008 Trend Micro Internet Security 2009 Trend Micro Internet Security 2008 Trend Micro ----------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: <a href=http://www.antivirus.com/ target=_blank rel=external nofollow>http://www.antivirus.com/</a> |
| id | SSV:4976 |
| last seen | 2017-11-19 |
| modified | 2009-04-02 |
| published | 2009-04-02 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-4976 |
| title | 趋势科技Internet Security tmactmon.sys驱动本地权限提升漏洞 |
References
- http://en.securitylab.ru/lab/PT-2009-09
- http://milw0rm.com/sploits/2009-trendmicro_local_expl_0day.zip
- http://www.securityfocus.com/archive/1/502314/100/0/threaded
- http://www.securityfocus.com/bid/34304
- http://www.securitytracker.com/id?1021955
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49513
- https://www.exploit-db.com/exploits/8322