Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.
https://exchange.xforce.ibmcloud.com/vulnerabilities/25415
http://www.vupen.com/english/advisories/2006/1041
http://www.secumind.net/content/french/modules/news/article.php?storyid=9&sel_lang=english