|
|
This vulnerability exists due to insecure permissions on the \\.\Tmfilter DOS device interface. The permissions on this device allow write access to everyone. This could allow a locally logged-in user to access functionality via IOCTLs, which was designed for privileged use only.
|
|
Risk Analysis
|
|
Related exploit range (AccessVector): Local
|
|
Attack complexity (AccessComplexity): Low
|
|
Level of authentication needed: Required
|
|
Confidentiality impact: None
|
|
Integrity impact: Complete
|
|
Availability impact: Complete
|
|
This vulnerability was reported to Trend Micro by iDefense Vulnerability Labs. It affects all Trend Micro products using the Scan Engine Filter.
|
|
The fix for this issue is included in Scan Engine 8.550-1001. This version will be available for download from the ActiveUpdate server on 30 October 2007.
|
|
For more information regarding the issues fixed by Scan Engine 8.550-1001, please refer to
Issues resolved by Scan Engine 8.550-1001.
|