CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0856

HIGH
7.2
CVSS Severity Score
EPSS Score0.1740%
EPSS Percentile15.86th
PublishedFeb 8, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.

Affected Platforms (CPE)

πŸ“¦
Trend Micro

Client Server Messaging Security

= 3.5
πŸ“¦
Trend Micro

Damage Cleanup Services

= 3.2
πŸ“¦
Trend Micro

Pc Cillin Internet Security

= 2007
πŸ“¦
Trend Micro

Tmcomm.sys

= 1.5.1052
πŸ“¦
Trend Micro

Trend Micro Antirootkit Common Module

All versions
πŸ“¦
Trend Micro

Trend Micro Antispyware

= 3.0_sp2
πŸ“¦
Trend Micro

Trend Micro Antispyware

= 3.2_sp1
πŸ“¦
Trend Micro

Trend Micro Antispyware

= 3.5
πŸ“¦
Trend Micro

Trend Micro Antivirus

= 2007
πŸ“¦
Trend Micro

Vsapini.sys

= 3.320.1003

References & Advisories

πŸ”— http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034432&id=EN-1034432
πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=469
πŸ”— http://osvdb.org/33039
πŸ”— http://secunia.com/advisories/24069
πŸ”— http://securitytracker.com/id?1017604
πŸ”— http://securitytracker.com/id?1017605
πŸ”— http://securitytracker.com/id?1017606
πŸ”— http://www.kb.cert.org/vuls/id/282240

Related Vulnerabilities

CVE-2008-243710.0

Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro OfficeScan 7.3 patch 4 build 1362 and other builds, OfficeScan 8.0 a...

CVE-2008-194810.0

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not ...

CVE-2007-03259.3

Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as ...

CVE-2008-33649.3

Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp E...