CVE-2014-9641

Status: Analyzed

Last modified: 09-02-2015

Published: 06-02-2015

7.2

SUMMARY CVE-2014-9641

The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call.

Access CVSS CVE-2014-9641

Attack Complexity	Attack Vector	Privileges Required	Scope	User Interaction
LOW	LOCAL	NONE	-	-

Impact CVSS CVE-2014-9641

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

Details CVE-2014-9641

EPSS	0.00061
EPSS %	0.27022
References	http://esupport.trendmicro.com/en-us/home/pages/technical-support/1106233.aspx http://www.exploit-db.com/exploits/35962 http://www.greyhathacker.net/?p=818 http://www.osvdb.org/115514
CWE	CWE-264
Vulnerable Configurations	cpe:2.3:a:trendmicro:tmeext.sys:2.0.0.1014:::::::* cpe:2.3:a:trendmicro:tmeext.sys:2.0.0.1014:::::::*