Unrated severityNVD Advisory· Published Feb 8, 2007· Updated Apr 23, 2026

CVE-2007-0856

Description

TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.

Affected products

Trend Micro/Client Server Messaging Security
cpe:2.3:a:trend_micro:client-server-messaging_security:3.5:*:smb:*:*:*:*:*
Trend Micro/Damage Cleanup Services
cpe:2.3:a:trend_micro:damage_cleanup_services:3.2:*:*:*:*:*:*:*
Trend Micro/Pc Cillin Internet Security
cpe:2.3:a:trend_micro:pc-cillin_internet_security:2007:*:*:*:*:*:*:*
Trend Micro/Tmcomm.sys
cpe:2.3:a:trend_micro:tmcomm.sys:1.5.1052:*:*:*:*:*:*:*
Trend Micro/Trend Micro Antirootkit Common Module
cpe:2.3:a:trend_micro:trend_micro_antirootkit_common_module:*:*:*:*:*:*:*:*
Trend Micro/Antispyware3 versions
cpe:2.3:a:trend_micro:trend_micro_antispyware:3.0_sp2:*:enterprise:*:*:*:*:*+ 2 more
- cpe:2.3:a:trend_micro:trend_micro_antispyware:3.0_sp2:*:enterprise:*:*:*:*:*
- cpe:2.3:a:trend_micro:trend_micro_antispyware:3.2_sp1:*:smb:*:*:*:*:*
- cpe:2.3:a:trend_micro:trend_micro_antispyware:3.5:*:consumer:*:*:*:*:*
Trend Micro/Trend Micro Antivirus
cpe:2.3:a:trend_micro:trend_micro_antivirus:2007:*:*:*:*:*:*:*
Trend Micro/Vsapini.sys
cpe:2.3:a:trend_micro:vsapini.sys:3.320.1003:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

esupport.trendmicro.com/support/viewxml.donvdPatch
secunia.com/advisories/24069nvdPatchVendor Advisory
labs.idefense.com/intelligence/vulnerabilities/display.phpnvdVendor Advisory
www.kb.cert.org/vuls/id/282240nvdUS Government Resource
www.kb.cert.org/vuls/id/666800nvdUS Government Resource
osvdb.org/33039nvd
securitytracker.com/idnvd
securitytracker.com/idnvd
securitytracker.com/idnvd
www.securityfocus.com/bid/22448nvd
www.vupen.com/english/advisories/2007/0521nvd
exchange.xforce.ibmcloud.com/vulnerabilities/32353nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000