var-200904-0402
Vulnerability from variot

The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.

Trend Micro Internet Security 2008 and 2009 are prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges, which may allow a complete compromise of the affected computer. This issue affects Internet Security and Internet Security Pro 2008 and 2009.

The product also blocks spyware, hackers, phishing fraud attempts, and unwanted Web sites. It can filter your email messages for spam as well.

---[ Vulnerability Description ]

Positive Technologies Research Team has discovered multiple privilege escalation vulnerabilities in Trend Micro products.

---[ Solution ]

Not available.

---[ Disclosure Timeline ]

02.04.2009 - Vendor notified; no response

02.12.2009 - Second notification; no response

03.31.2009 - Vulnerability details disclosed by third party

03.31.2009 - Public disclosure

---[ Credits ]

This vulnerability was discovered by Nikita Tarakanov, Positive Technologies Research Team.

---[ References ]

http://en.securitylab.ru/lab/PT-2009-09

http://www.ptsecurity.ru/advisory.asp

Complete list of vulnerability reports published by Positive Technologies Research Team:

http://en.securitylab.ru/lab/

http://www.ptsecurity.ru/advisory.asp

---[ About Positive Technologies ]

Positive Technologies www.ptsecurity.com is among the key players in the IT security market in Russia. The principal activities of the company include the development of integrated tools for information security monitoring (MaxPatrol); providing IT security consulting services and technical support; the development of the Securitylab en.securitylab.ru leading Russian information security portal.

Among the clients of Positive Technologies there are more than 40 state enterprises, more than 50 banks and financial organizations, 20 telecommunication companies, more than 40 plant facilities, as well as IT, service and retail companies from Russia, CIS countries, Baltic States, China, Ecuador, Germany, Great Britain, Holland, Iran, Israel, Japan, Mexico, South African Republic, Thailand, Turkey and USA.

Positive Technologies is a team of highly skilled developers, advisers and experts with years of vast hands-on experience. The company specialists possess professional titles and certificates; they are members of various international societies and are actively involved in the IT security field development.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0402",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "internet security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trendmicro",
        "version": "2009"
      },
      {
        "model": "internet security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "trendmicro",
        "version": "2008"
      },
      {
        "model": "internet security",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "pro 2008 and  2009"
      },
      {
        "model": "internet security pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trend micro",
        "version": "2009"
      },
      {
        "model": "internet security pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trend micro",
        "version": "2008"
      },
      {
        "model": "internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trend micro",
        "version": "2009"
      },
      {
        "model": "internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "trend micro",
        "version": "2008"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005835"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0686"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:internet_security:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:internet_security:2009:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:internet_security:2008:-:pro:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:trendmicro:internet_security:2009:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0686"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nikita Tarakanov",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "76242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-003"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2009-0686",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-0686",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-0686",
            "trust": 1.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-003",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005835"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0686"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \\Device\\tmactmon that overwrites memory. Trend Micro Internet Security 2008 and 2009 are prone to a local privilege-escalation vulnerability. \nAn attacker can exploit this issue to execute arbitrary code with elevated privileges, which may allow a complete compromise of the affected computer. \nThis issue affects Internet Security and Internet Security Pro 2008 and 2009. It also blocks spyware, hackers, phishing \nfraud attempts, and unwanted Web sites. It can filter your email messages \nfor spam as well. \n\n---[ Vulnerability Description ]\n\nPositive Technologies Research Team has discovered multiple priviliege \nescalation vulnerabilities in Trend Micro products. \n\n\n---[ Solution ]\n\nNot available. \n\n---[ Disclosure Timeline ]\n\n02.04.2009 - Vendor notified\nno response\n02.12.2009 - Second notification\nno response\n03.31.2009 - Vulnerability details disclosed by third party\n03.31.2009 - Public disclosure\n\n\n---[ Credits ]\n\nThis vulnerability was discovered by Nikita Tarakanov, Positive Technologies \nResearch Team. \n\n\n---[ References ]\n\nhttp://en.securitylab.ru/lab/PT-2009-09\nhttp://www.ptsecurity.ru/advisory.asp\n\nComplete list of vulnerability reports published by Positive Technologies \nResearch Team:\n\nhttp://en.securitylab.ru/lab/\nhttp://www.ptsecurity.ru/advisory.asp\n\n\n---[ About Positive Technologies ]\n\nPositive Technologies www.ptsecurity.com is among the key players in the IT \nsecurity market in Russia. \nThe principal activities of the company include the development of \nintegrated tools for information security monitoring (MaxPatrol); providing \nIT security consulting services and technical support; the development of \nthe Securitylab en.securitylab.ru leading Russian information security \nportal. \n\nAmong the clients of Positive Technologies there are more than 40 state \nenterprises, more than 50 banks and financial organizations, 20 \ntelecommunication companies, more than 40 plant facilities, as well as IT, \nservice and retail companies from Russia, CIS countries, Baltic States, \nChina, Ecuador, Germany, Great Britain, Holland, Iran, Israel, Japan, \nMexico, South African Republic, Thailand, Turkey and USA. \n\nPositive Technologies is a team of highly skilled developers, advisers and \nexperts with years of vast hands-on experience. The company specialists \npossess professional titles and certificates; they are the members of \nvarious international societies and are actively involved in the IT security \nfield development",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-0686"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005835"
      },
      {
        "db": "BID",
        "id": "34304"
      },
      {
        "db": "PACKETSTORM",
        "id": "76242"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-0686",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "34304",
        "trust": 1.9
      },
      {
        "db": "EXPLOIT-DB",
        "id": "8322",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1021955",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005835",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20090331 [POSITIVE TECHNOLOGIES SA 2009-09] TREND MICRO INTERNET SECURITY PRO 2009 TMACTMON.SYS PRIVILIEGE ESCALATION VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "49513",
        "trust": 0.6
      },
      {
        "db": "MILW0RM",
        "id": "8322",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-003",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "76242",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005835"
      },
      {
        "db": "PACKETSTORM",
        "id": "76242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0686"
      }
    ]
  },
  "id": "VAR-200904-0402",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2022-05-04T09:53:04.934000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005835"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005835"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0686"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://en.securitylab.ru/lab/pt-2009-09"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1021955"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/34304"
      },
      {
        "trust": 1.6,
        "url": "http://milw0rm.com/sploits/2009-trendmicro_local_expl_0day.zip"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49513"
      },
      {
        "trust": 1.0,
        "url": "https://www.exploit-db.com/exploits/8322"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/502314/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0686"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0686"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/49513"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/502314/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/8322"
      },
      {
        "trust": 0.3,
        "url": "http://www.trendmicro.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502314"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0686"
      },
      {
        "trust": 0.1,
        "url": "http://www.trendmicro.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.ptsecurity.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.ptsecurity.ru/advisory.asp"
      },
      {
        "trust": 0.1,
        "url": "http://en.securitylab.ru/lab/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005835"
      },
      {
        "db": "PACKETSTORM",
        "id": "76242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0686"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "34304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005835"
      },
      {
        "db": "PACKETSTORM",
        "id": "76242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-003"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-0686"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-03-30T00:00:00",
        "db": "BID",
        "id": "34304"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-005835"
      },
      {
        "date": "2009-04-01T01:36:01",
        "db": "PACKETSTORM",
        "id": "76242"
      },
      {
        "date": "2009-03-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-003"
      },
      {
        "date": "2009-04-01T10:30:00",
        "db": "NVD",
        "id": "CVE-2009-0686"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-03-31T17:16:00",
        "db": "BID",
        "id": "34304"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-005835"
      },
      {
        "date": "2009-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-003"
      },
      {
        "date": "2018-10-10T19:30:00",
        "db": "NVD",
        "id": "CVE-2009-0686"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "34304"
      },
      {
        "db": "PACKETSTORM",
        "id": "76242"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-003"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Trend Micro Internet Pro and  Security Pro of  TrendMicro Activity Monitor Module Vulnerability gained in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-005835"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-003"
      }
    ],
    "trust": 0.6
  }
}

