Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2007-0856

EPSS 0.15% · P35
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-0856

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Trend Micro病毒扫描引擎TMComm本地权限提升漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Trend Micro病毒扫描引擎为桌面、服务器和网关提供杀毒功能。 Trend Micro的病毒扫描引擎中所捆绑的TmComm.sys驱动没有对\\.\TmComm DOS设备接口设置安全的权限,对Everyone给予了写权限。这允许本地登录的用户通过IOCTL访问仅应由特权用户才能访问的功能。 此外,这个DOS设备接口的IOCTL处理器没有验证对其传送的地址,允许在内核(RING 0)环境中覆盖任意内存或执行任意指令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2007-0856

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2007-0856

登录查看更多情报信息。

Same Patch Batch · n/a · 2007-02-08 · 34 CVEs total

CVE-2007-0844pam_ssh空密码短语绕过认证限制漏洞
CVE-2007-0855RARLabs Unrar口令提示栈溢出漏洞
CVE-2007-0857MoinMoin 多个跨站脚本攻击漏洞
CVE-2006-2219phpBBSQL注入漏洞
CVE-2006-2220phpBB完整路径泄露漏洞
CVE-2006-6975CentiPaid 代码注入漏洞
CVE-2006-6976CentiPaid 'centipaid_class.php'PHP远程文件包含漏洞
CVE-2006-6977FreeTextBox 跨站脚本攻击漏洞
CVE-2006-6978FCKEditor "Basic Toolbar Selection"跨站脚本攻击漏洞
CVE-2007-0854Cpanel Web Hosting Manager OBJCache.PHP 远程文件包含漏洞
CVE-2007-0840Hlstats 跨站脚本攻击漏洞
CVE-2007-0841vbDrupal 多个未明漏洞
CVE-2007-0835Coppermine Photo Gallery 'admin.php'任意命令执行漏洞
CVE-2007-0836Coppermine Photo Galleryadmin.php 任意文件包含漏洞
CVE-2007-0837AgerMenu 'examples/inc/top.inc.php'PHP远程文件包含漏洞
CVE-2007-0838FreeProxy 拒绝服务漏洞
CVE-2007-0839Valarsoft WebMatic 'index/index_album.php'多个PHP远程文件包含漏洞
CVE-2007-0446HP Mercury产品magnetproc.exe栈缓冲区溢出漏洞
CVE-2007-0853DevTrack SQL注入漏洞
CVE-2007-0852DevTrack 跨站脚本攻击漏洞

Showing top 20 of 34 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2007-0856

No comments yet

Leave a comment