CVE-2007-0856

Name of the Vulnerable Software and Affected Versions: Trend Micro Anti-Rootkit Common Module (RCM) version 1.5.0.1052 Trend Micro PC-cillin Internet Security 2007 Trend Micro Antivirus 2007 Trend Micro Anti-Spyware for SMB 3.2 SP1 Trend Micro Anti-Spyware for Consumer 3.5 Trend Micro Anti-Spyware for Enterprise 3.0 SP2 Trend Micro Client / Server / Messaging Security for SMB 3.5 Trend Micro Damage Cleanup Services 3.2

Description: The issue allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context due to the assignment of Everyone write permission for the .TmComm DOS device interface.

Recommendations: For Trend Micro Anti-Rootkit Common Module (RCM) version 1.5.0.1052, consider restricting access to the TmComm.sys module until a patch is available. For Trend Micro PC-cillin Internet Security 2007, update the VsapiNI.sys scan engine to a version that does not assign Everyone write permission for the .TmComm DOS device interface. For Trend Micro Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, and Damage Cleanup Services 3.2, apply configuration changes to limit the permissions assigned to the .TmComm DOS device interface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.