PT-2009-3316 · Trend Micro · Trend Micro Security+1

B1@Ckeye

Published

2009-04-01

Updated

2018-10-10

CVE-2009-0686

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Trend Micro Internet Pro versions 2008 and 2009 Trend Micro Security Pro versions 2008 and 2009

Description The issue allows local users to gain privileges through a crafted IRP in a METHOD NEITHER IOCTL request to the Devicetmactmon device, which overwrites memory.

Recommendations For Trend Micro Internet Pro versions 2008 and 2009, update the TrendMicro Activity Monitor Module to a version that is not affected by this issue. For Trend Micro Security Pro versions 2008 and 2009, update the TrendMicro Activity Monitor Module to a version that is not affected by this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2009-0686

Affected Products

Trend Micro Internet Pro

Trend Micro Security

PT-2009-3316 · Trend Micro · Trend Micro Security+1

CVE-2009-0686

Weakness Enumeration

Related Identifiers

Affected Products

References · 9