PT-2009-09: Trend Micro Internet Security Pro 2009 tmactmon.sys Privilege Escalation Vulnerabilities

Affected Software

Trend Micro
  Trend Micro Internet Security Pro 2009
  Trend Micro Internet Security 2009
  Trend Micro Internet Security Pro 2008
  Trend Micro Internet Security 2008

Product Link: http://www.trendmicro.com

Severity Rating

Severity: Medium
Impact: Privilege Escalation
Attack Vector: Local

CVSS v2
Base Score: 6.9
Temporal Score: 6.6
Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C)

CVE: CVE-2009-0686

Software Description

Trend Micro(TM) Internet Security Pro provides comprehensive protection against viruses, Trojan horse programs, worms, and other threats, including network viruses and rootkits. It also blocks spyware, hackers, phishing fraud attempts, and unwanted Web sites. It can filter your email messages for spam as well.

Vulnerability Description

Positive Technologies Research Team has discovered multiple privilege escalation vulnerabilities in Trend Micro products.

The IOCTL handler in tmactmon.sys uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate buffer data associated with the Irp object, which allows local users to gain SYSTEM privileges.

Solution

Not available.

Disclosure Timeline

02.04.2009 - Vendor notified, no response
02.12.2009 - Second notification, no response
03.31.2009 - Vulnerability details disclosed by third party
03.31.2009 - Public disclosure

Credits

This vulnerability was discovered by Nikita Tarakanov, Positive Technologies Research Team.

References

http://en.securitylab.ru/lab/PT-2009-09
http://www.ptsecurity.ru/advisory.asp

Complete list of vulnerability reports published by Positive Technologies Research Team:

http://en.securitylab.ru/lab/
http://www.ptsecurity.ru/advisory.asp
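
The Vulnerability Description above attributes the flaw to a METHOD_NEITHER IOCTL handler that does not validate caller-supplied buffers. The following is an added example, not part of the advisory and not Trend Micro or Positive Technologies code: a user-mode C model of how a reviewer can spot METHOD_NEITHER control codes and of the range test such a handler has to apply to each caller pointer. The control codes, addresses and SAMPLE_USER_LIMIT are constructed sample values, and the function names are hypothetical.

```c
/* Added example: user-mode model of the checks a METHOD_NEITHER handler needs. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE layout: DeviceType[31:16] Access[15:14] Function[13:2] Method[1:0] */
enum { METHOD_BUFFERED, METHOD_IN_DIRECT, METHOD_OUT_DIRECT, METHOD_NEITHER };
typedef struct { unsigned device_type, access, function, method; } ioctl_fields;

/* Assumption: sample user/kernel boundary for 32-bit Windows; a real driver
 * does not hard-code this, it calls ProbeForRead/ProbeForWrite instead. */
#define SAMPLE_USER_LIMIT 0x7FFF0000ULL

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f = { (code >> 16) & 0xFFFF, (code >> 14) & 0x3,
                       (code >> 2) & 0xFFF, code & 0x3 };
    return f;
}

/* METHOD_NEITHER hands the driver raw caller pointers, so the handler itself
 * must validate them; the other methods get I/O-manager-prepared buffers. */
bool needs_manual_probe(uint32_t code) {
    return decode_ioctl(code).method == METHOD_NEITHER;
}

/* Range test the handler must apply before touching a caller pointer:
 * big enough for the expected structure, no wraparound, entirely below
 * the user/kernel boundary. */
bool user_buffer_ok(uint64_t addr, uint64_t len, uint64_t min_len) {
    if (addr == 0 || len < min_len) return false;
    if (addr + len < addr) return false;          /* address wraparound */
    return addr + len <= SAMPLE_USER_LIMIT;       /* must not reach kernel space */
}

int main(void) {
    /* Constructed sample codes: CTL_CODE(0x22, 0x800, method, FILE_ANY_ACCESS) */
    uint32_t codes[] = { 0x222000u, 0x222003u };
    for (int i = 0; i < 2; i++) {
        ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%08X dev=0x%X func=0x%X method=%u manual_probe=%d\n", (unsigned)codes[i],
               f.device_type, f.function, f.method, needs_manual_probe(codes[i]));
    }
    printf("user ptr ok=%d, kernel ptr ok=%d\n",
           user_buffer_ok(0x00401000, 16, 16), user_buffer_ok(0x80501000, 16, 16));
    return 0;
}
```

In a real driver the range test is performed by ProbeForRead/ProbeForWrite, and both the probe and every later access to the buffer sit inside a __try/__except block, because a user-mode address that passes the range test can still be unmapped or changed by the caller.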