CVE-2009-0686

high

Description

The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory.

References

https://www.exploit-db.com/exploits/8322

https://exchange.xforce.ibmcloud.com/vulnerabilities/49513

http://www.securitytracker.com/id?1021955

http://www.securityfocus.com/archive/1/502314/100/0/threaded

http://en.securitylab.ru/lab/PT-2009-09

Details

Source: Mitre, NVD

Published: 2009-04-01

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00226