CVE-2007-4277

Name of the Vulnerable Software and Affected Versions Trend Micro AntiVirus scan engine versions prior to 8.550-1001 Trend Micro PC-Cillin Internet Security 2007 Tmxpflt.sys versions 8.320.1004 and 8.500.0.1002

Description The issue is related to weak permissions for the .Tmfilter device, allowing local users to send arbitrary content via the IOCTL functionality. This can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.

Recommendations For Trend Micro AntiVirus scan engine versions prior to 8.550-1001, update to version 8.550-1001 or later. For Trend Micro PC-Cillin Internet Security 2007, update the Trend Micro AntiVirus scan engine to version 8.550-1001 or later. For Tmxpflt.sys versions 8.320.1004 and 8.500.0.1002, update Tmxpflt.sys to a version later than 8.500.0.1002. As a temporary workaround, consider restricting access to the .Tmfilter device to minimize the risk of exploitation.