CVE-2007-0856 — Micro Client-server-messaging Security vulnerability

3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 64.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Client-server-messaging Security Trend Micro Damage Cleanup Services Trend Micro Pc-cillin Internet Security +4 more

Timeline

PublishedFeb 8

Latest updateMay 1

Description

TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users…

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages7 packages

▶NVDtrend_micro/trend_micro_antispyware3.0_sp2, 3.2_sp1, 3.5+2

▶NVDtrend_micro/trend_micro_antivirus2007

▶NVDtrend_micro/client-server-messaging_security3.5

▶NVDtrend_micro/pc-cillin_internet_security2007

▶NVDtrend_micro/damage_cleanup_services3.2

Patches

Patch: esupport.trendmicro.com ↗Patch: secunia.com ↗Patch: esupport.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-8whq-qmmg-8jxf: TmComm↗2022-05-01

▶

CVEList

CVE-2007-0856: TmComm↗2007-02-08

▶