Trend Micro TMTDI.SYS Privilege Escalation Exploit Update

This module exploits a privilege escalation vulnerability in the tmtdi.sys driver of Trend Micro Titanium Maximum Security and OfficeScan products. The vulnerable driver trusts a dword passed from user mode via IOCTL 0x220404, and interprets it as a function pointer without performing validations. This vulnerability allows unprivileged local users to execute code with SYSTEM privileges. This update adds support for the Trend Micro OfficeScan product, as well as support for Windows Server 2003 and Windows Server 2008 platforms.
Exploit type: 
Vulnerabilty ID: 
Released Date: 
Thursday, January 27, 2011 - 18:00