ID

VAR-200904-0402


CVE

CVE-2009-0686


TITLE

Privilege acquisition vulnerability in the TrendMicro Activity Monitor Module of Trend Micro Internet Pro and Security Pro

Trust: 0.8

sources: JVNDB: JVNDB-2009-005835

DESCRIPTION

The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.

Trend Micro Internet Security 2008 and 2009 are prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges, which may allow a complete compromise of the affected computer. This issue affects Internet Security and Internet Security Pro 2008 and 2009.

It also blocks spyware, hackers, phishing fraud attempts, and unwanted Web sites. It can filter your email messages for spam as well.

---[ Vulnerability Description ]

Positive Technologies Research Team has discovered multiple privilege escalation vulnerabilities in Trend Micro products.

---[ Solution ]

Not available.

---[ Disclosure Timeline ]

02.04.2009 - Vendor notified no response
02.12.2009 - Second notification no response
03.31.2009 - Vulnerability details disclosed by third party
03.31.2009 - Public disclosure

---[ Credits ]

This vulnerability was discovered by Nikita Tarakanov, Positive Technologies Research Team.

---[ References ]

http://en.securitylab.ru/lab/PT-2009-09
http://www.ptsecurity.ru/advisory.asp

Complete list of vulnerability reports published by Positive Technologies Research Team:

http://en.securitylab.ru/lab/
http://www.ptsecurity.ru/advisory.asp

---[ About Positive Technologies ]

Positive Technologies www.ptsecurity.com is among the key players in the IT security market in Russia. The principal activities of the company include the development of integrated tools for information security monitoring (MaxPatrol); providing IT security consulting services and technical support; the development of the Securitylab en.securitylab.ru leading Russian information security portal.

Among the clients of Positive Technologies there are more than 40 state enterprises, more than 50 banks and financial organizations, 20 telecommunication companies, more than 40 plant facilities, as well as IT, service and retail companies from Russia, CIS countries, Baltic States, China, Ecuador, Germany, Great Britain, Holland, Iran, Israel, Japan, Mexico, South African Republic, Thailand, Turkey and USA. Positive Technologies is a team of highly skilled developers, advisers and experts with years of vast hands-on experience. The company specialists possess professional titles and certificates; they are the members of various international societies and are actively involved in the IT security field development.

Trust: 1.98

sources: NVD: CVE-2009-0686 // JVNDB: JVNDB-2009-005835 // BID: 34304 // PACKETSTORM: 76242

AFFECTED PRODUCTS

vendor: trendmicro // model: internet security // scope: eq // version: 2009

Trust: 1.6

vendor: trendmicro // model: internet security // scope: eq // version: 2008

Trust: 1.6

vendor: trend micro // model: internet security // scope: eq // version: pro 2008 and 2009

Trust: 0.8

vendor: trend micro // model: internet security pro // scope: eq // version: 2009

Trust: 0.3

vendor: trend micro // model: internet security pro // scope: eq // version: 2008

Trust: 0.3

vendor: trend micro // model: internet security // scope: eq // version: 2009

Trust: 0.3

vendor: trend micro // model: internet security // scope: eq // version: 2008

Trust: 0.3

sources: BID: 34304 // JVNDB: JVNDB-2009-005835 // CNNVD: CNNVD-200904-003 // NVD: CVE-2009-0686

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2009-0686
value: HIGH

Trust: 1.8

CNNVD: CNNVD-200904-003
value: HIGH

Trust: 0.6

NVD: CVE-2009-0686
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2009-005835 // CNNVD: CNNVD-200904-003 // NVD: CVE-2009-0686

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.8

sources: JVNDB: JVNDB-2009-005835 // NVD: CVE-2009-0686

THREAT TYPE

local

Trust: 1.0

sources: BID: 34304 // PACKETSTORM: 76242 // CNNVD: CNNVD-200904-003

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200904-003

CONFIGURATIONS

sources: NVD: CVE-2009-0686

PATCH

title: Top Page // url: http://www.trendmicro.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-005835

EXTERNAL IDS

db: NVD // id: CVE-2009-0686

Trust: 2.5

db: BID // id: 34304

Trust: 1.9

db: EXPLOIT-DB // id: 8322

Trust: 1.6

db: SECTRACK // id: 1021955

Trust: 1.6

db: JVNDB // id: JVNDB-2009-005835

Trust: 0.8

db: BUGTRAQ // id: 20090331 [POSITIVE TECHNOLOGIES SA 2009-09] TREND MICRO INTERNET SECURITY PRO 2009 TMACTMON.SYS PRIVILIEGE ESCALATION VULNERABILITIES

Trust: 0.6

db: XF // id: 49513

Trust: 0.6

db: MILW0RM // id: 8322

Trust: 0.6

db: CNNVD // id: CNNVD-200904-003

Trust: 0.6

db: PACKETSTORM // id: 76242

Trust: 0.1

sources: BID: 34304 // JVNDB: JVNDB-2009-005835 // PACKETSTORM: 76242 // CNNVD: CNNVD-200904-003 // NVD: CVE-2009-0686

REFERENCES

url:http://en.securitylab.ru/lab/pt-2009-09

Trust: 1.7

url:http://www.securitytracker.com/id?1021955

Trust: 1.6

url:http://www.securityfocus.com/bid/34304

Trust: 1.6

url:http://milw0rm.com/sploits/2009-trendmicro_local_expl_0day.zip

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/49513

Trust: 1.0

url:https://www.exploit-db.com/exploits/8322

Trust: 1.0

url:http://www.securityfocus.com/archive/1/502314/100/0/threaded

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0686

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0686

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/49513

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/502314/100/0/threaded

Trust: 0.6

url:http://www.milw0rm.com/exploits/8322

Trust: 0.6

url:http://www.trendmicro.com/

Trust: 0.3

url:/archive/1/502314

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2009-0686

Trust: 0.1

url:http://www.trendmicro.com

Trust: 0.1

url:https://www.ptsecurity.com

Trust: 0.1

url:http://www.ptsecurity.ru/advisory.asp

Trust: 0.1

url:http://en.securitylab.ru/lab/

Trust: 0.1

sources: BID: 34304 // JVNDB: JVNDB-2009-005835 // PACKETSTORM: 76242 // CNNVD: CNNVD-200904-003 // NVD: CVE-2009-0686

CREDITS

Nikita Tarakanov

Trust: 0.7

sources: PACKETSTORM: 76242 // CNNVD: CNNVD-200904-003

SOURCES

db: BID // id: 34304
db: JVNDB // id: JVNDB-2009-005835
db: PACKETSTORM // id: 76242
db: CNNVD // id: CNNVD-200904-003
db: NVD // id: CVE-2009-0686

LAST UPDATE DATE

2022-05-04T09:53:04.934000+00:00


SOURCES UPDATE DATE

db: BID // id: 34304 // date: 2009-03-31T17:16:00
db: JVNDB // id: JVNDB-2009-005835 // date: 2012-12-20T00:00:00
db: CNNVD // id: CNNVD-200904-003 // date: 2009-04-10T00:00:00
db: NVD // id: CVE-2009-0686 // date: 2018-10-10T19:30:00

SOURCES RELEASE DATE

db: BID // id: 34304 // date: 2009-03-30T00:00:00
db: JVNDB // id: JVNDB-2009-005835 // date: 2012-12-20T00:00:00
db: PACKETSTORM // id: 76242 // date: 2009-04-01T01:36:01
db: CNNVD // id: CNNVD-200904-003 // date: 2009-03-30T00:00:00
db: NVD // id: CVE-2009-0686 // date: 2009-04-01T10:30:00