|CVSS SCORE||5.4, (AV:L/AC:M/Au:N/C:N/I:P/A:C)|
The specific flaw exists within the processing of IOCTL 0x220008 in the TMWFP driver. The issue results from the lack of proper validation of the length of user-supplied data prior to using that length to initialize a pool-based buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges to kernel.
Trend Micro has issued an update to correct this vulnerability. More details can be found at: