📦

pc-cillin_internet_security_2007

Vendor: trend_micro

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 1 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 0.07% Exploit Prob.

Latest CVE CVE-2007-4277 Oct 30

Security Vulnerability Index

Page 1 / 1

6.6 CVSS

CVE-2007-4277

The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403.

EPSS: 0.07%

Severity: MEDIUM

Oct 30, 2007

6.9 CVSS

CVE-2007-3873

RCE

Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.

EPSS: 0.08%

Severity: MEDIUM

Aug 22, 2007

Displaying 2 of 2 Total Entries

Total 1 Sections