Vigil@nce - Trend Micro Internet Security: privilege escalation via ioctl
August 2017 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use an ioctl call to Trend Micro Internet
Security, in order to write to the kernel memory or trigger a
denial of service.
Impacted products: TrendMicro Internet Security.
Severity: 2/4.
Creation date: 19/06/2017.
DESCRIPTION OF THE VULNERABILITY
The Trend Micro Internet Security includes a kernel driver.
However, the ioctl system call implementation does not rightly
check its arguments.
An attacker can use an ioctl call to Trend Micro Internet
Security, in order to write to the kernel memory or trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN