CVE-2014-9641

Trend Micro Antivirus <2.0.0.1015 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9641. PoCs published by Parvez Anwar.

AI-analyzed exploit summary: This exploit targets a privilege escalation vulnerability in Trend Micro's tmeext.sys driver (CVE-2014-9641) by leveraging arbitrary write to overwrite the HalDispatchTable and execute token-stealing shellcode. It is designed for Windows XP SP3 and spawns a command shell with elevated privileges.

Description

The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call.

Exploits (1)

exploitdb WORKING POC
by Parvez Anwar · c · local · windows
https://www.exploit-db.com/exploits/35962

Classification: Working PoC (95%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Trend Micro Multiple Products (tmeext.sys) 2.0.0.1009
No auth needed
Prerequisites: Windows XP SP3 32-bit · Trend Micro product with vulnerable tmeext.sys driver
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit x_refsource_misc
http://www.greyhathacker.net/?p=818
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35962
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/115514

Scores

EPSS: 0.0053
EPSS Percentile: 67.6%

Details

CWE: CWE-264
Status: published
Products (1): trendmicro/tmeext.sys < 2.0.0.1014
Published: Feb 06, 2015
Tracked Since: Feb 18, 2026