Title: Trend Micro AntiVirus Engine Tmxpflt.SYS Local Buffer Overflow Vulnerability
Severity: HIGH
Description:
Trend Micro AntiVirus engine is a component of several antivirus applications used for detecting and removing spyware. PC-cillin Internet Security is a security application that helps protect users from malicious internet content.
These applications are prone to a local buffer-overflow vulnerability because the AntiVirus engine fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
This issue occurs because local users have write permissions on the '\\.\Tmfilter' DOS device interface, which lets them reach functionality intended for higher-privileged callers. The handler for IOCTL 0xa0284403 on this device interface fails to perform adequate size checks before copying user-supplied data into a fixed-size buffer.
Successful exploits may allow an attacker to execute arbitrary machine code with SYSTEM-level privileges and completely compromise affected computers. Failed exploit attempts could crash the computer, denying service to legitimate users.
Applications that incorporate 'Tmxpflt.sys' 8.320.1004 and 8.500.0.1002 from the AntiVirus engine are vulnerable, including Trend Micro PC-cillin Internet Security 2007, ServerProtect, and OfficeScan.
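The missing size check in the IOCTL handler, shown as an added user-space C model beside a hardened form (this is not Trend Micro's code): only the IOCTL code 0xa0284403 comes from the advisory, while the 64-byte buffer size, the `device_ctx` layout, the status values and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IOCTL_TMFILTER 0xa0284403u  /* IOCTL code named in the advisory */
#define WORK_BUF_SIZE  64u          /* assumed size of the fixed buffer */
#define CANARY         0x5afec0deu

enum status { ST_OK = 0, ST_BAD_IOCTL = -1, ST_BAD_PARAM = -2, ST_TOO_LARGE = -3 };

struct device_ctx {                 /* hypothetical per-device state */
    uint8_t  work[WORK_BUF_SIZE];   /* fixed-size destination buffer */
    uint32_t canary;                /* adjacent field an overflow would clobber */
};

/* Flawed pattern: the caller-supplied length is trusted as-is. */
int handle_unchecked(struct device_ctx *d, uint32_t code, const void *in, size_t in_len)
{
    if (code != IOCTL_TMFILTER) return ST_BAD_IOCTL;
    memcpy(d->work, in, in_len);    /* writes past work[] when in_len > WORK_BUF_SIZE */
    return ST_OK;
}

/* Hardened pattern: validate the pointer and length before any copy. */
int handle_checked(struct device_ctx *d, uint32_t code, const void *in, size_t in_len)
{
    if (code != IOCTL_TMFILTER)    return ST_BAD_IOCTL;
    if (in == NULL || in_len == 0) return ST_BAD_PARAM;
    if (in_len > sizeof d->work)   return ST_TOO_LARGE;  /* reject, do not truncate */
    memcpy(d->work, in, in_len);
    return ST_OK;
}

/* Drives the hardened handler with a constructed request of in_len bytes.
   Returns the handler status, or -100 if the adjacent canary was modified. */
int run_checked(uint32_t code, size_t in_len)
{
    static uint8_t request[4096];   /* constructed sample input */
    struct device_ctx d;
    if (in_len > sizeof request) return ST_BAD_PARAM;
    memset(request, 0x41, sizeof request);
    memset(&d, 0, sizeof d);
    d.canary = CANARY;
    int st = handle_checked(&d, code, request, in_len);
    return d.canary == CANARY ? st : -100;
}
```

The length check covers only the copy; the other root cause named above, write access for local users on the device interface, has to be fixed separately in the device's access control.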
Affected Products:
- Trend Micro Anti-Spyware for Consumer 3.5
- Trend Micro Antivirus 2007
- Trend Micro Office Scan 7.3
- Trend Micro OfficeScan Corporate Edition 3.0.0
- Trend Micro OfficeScan Corporate Edition 3.11.0
- Trend Micro OfficeScan Corporate Edition 3.13.0
- Trend Micro OfficeScan Corporate Edition 3.5.0
- Trend Micro OfficeScan Corporate Edition 3.54.0
- Trend Micro OfficeScan Corporate Edition 5.0.0 2
- Trend Micro OfficeScan Corporate Edition 5.5.0
- Trend Micro OfficeScan Corporate Edition 5.58.0
- Trend Micro OfficeScan Corporate Edition 6.0
- Trend Micro OfficeScan Corporate Edition 6.5
- Trend Micro OfficeScan Corporate Edition 6.5.0
- Trend Micro OfficeScan Corporate Edition 7.0
- Trend Micro OfficeScan Corporate Edition 7.0.0
- Trend Micro OfficeScan Corporate Edition 7.3
- Trend Micro OfficeScan Corporate Edition 8.0
- Trend Micro OfficeScan Corporate Edition 8.0.patch build 1042
- Trend Micro OfficeScan Corporate Edition for SMB2.0 6.0
- Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.0.0
- Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.1.1
- Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.11.0
- Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.13.0
- Trend Micro OfficeScan Corporate Edition for Windows NT Server 3.5.0
- Trend Micro OfficeScan For Microsoft SBS 4.5.0
- Trend Micro PC-Cillin Internet Security 2007
- Trend Micro Server Protect 5.58
- Trend Micro ServerProtect 5.3.1
- Trend Micro ServerProtect 5.5.8
- Trend Micro ServerProtect 5.58
- Trend Micro ServerProtect for EMC 5.58
- Trend Micro ServerProtect for Linux
- Trend Micro ServerProtect for Linux 1.2.0
- Trend Micro ServerProtect for Network Appliance Filer 5.61
- Trend Micro ServerProtect for Network Appliance Filer 5.62
- Trend Micro ServerProtect for Novell Netware
- Trend Micro ServerProtect for Windows
- Trend Micro ServerProtect for Windows 5.58
References:
- Trend Micro: Trend Micro Homepage
- Trend Micro: [Vulnerability Response] Buffer overflow in Scan Engine Tmxpflt.sys 8.320.1004 a
- iDefense Labs: iDefense Security Advisory 10.25.07