CVE-2009-0686

TrendMicro Activity Monitor Module <2.52.0.1002 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0686. PoCs published by b1@ckeYe.

AI-analyzed exploit summary: This exploit targets a privilege escalation vulnerability in Trend Micro Internet Security Pro 2009's tmactmon.sys driver. It leverages improper IOCTL handling to execute arbitrary code in kernel space.

Description

The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by b1@ckeYe · text · local · windows
https://www.exploit-db.com/exploits/8322

Classification: Working PoC 80%
Attack Type: LPE
Complexity: Moderate
Reliability: Theoretical
Target: Trend Micro Internet Security Pro 2009
No auth needed
Prerequisites: Local access to the system · Presence of Trend Micro Internet Security Pro 2009 with tmactmon.sys driver
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8322
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1021955
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34304
Various Sources x_refsource_misc
http://en.securitylab.ru/lab/PT-2009-09
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49513
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/502314/100/0/threaded

Scores

EPSS 0.0013
EPSS Percentile 31.9%

Details

CWE: CWE-399
Status: published
Products (2)
trendmicro/internet_security 2008 (2 CPE variants)
trendmicro/internet_security 2009 (2 CPE variants)
Published: Apr 01, 2009
Tracked Since: Feb 18, 2026