CVE-2007-0602

Trend Micro VirusWall 3.81 - Local Privilege Escalation via Long Command Line Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0602. PoCs published by Sebastian Wolfgarten.

AI-analyzed exploit summary This exploit leverages a buffer overflow in the `vscan` binary (part of Trend Micro VirusWall 3.81) to achieve local privilege escalation. The vulnerable binary is SUID root, and the exploit overwrites the return address to execute shellcode, granting a root shell.

Description

Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sebastian Wolfgarten · clocallinux

https://www.exploit-db.com/exploits/3213

View Code ZIP pw:eip

This exploit leverages a buffer overflow in the `vscan` binary (part of Trend Micro VirusWall 3.81) to achieve local privilege escalation. The vulnerable binary is SUID root, and the exploit overwrites the return address to execute shellcode, granting a root shell.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Trend Micro VirusWall 3.81 (vscan with libvsapi.so)

Auth required

Prerequisites: Access to a system with Trend Micro VirusWall 3.81 installed · Membership in the 'iscan' group or root access to make vscan executable

MITRE ATT&CK