DLL Hijacking at the Trend Micro Password Manager (CVE-2020–8469)

fulldisclosure logo Full Disclosure mailing list archives

  By Date           By Thread        

DLL Hijacking at the Trend Micro Password Manager (CVE-2020–8469)


From: Silton Renato Pereira dos Santos <silton.santos () tempest com br>
Date: Tue, 23 Jun 2020 14:50:43 -0300


=====[ Tempest Security Intelligence - 2020]========================== Trend Password Manager
Author: Silton Santos
Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of
Contents]===================================================== * Vulnerability Information
* Overview
* Detailed description
* Thanks & Acknowledgements
* References =====[ Vulnerability
Information]============================================= * Class: Uncontrolled Search Path Element [CWE-427][1]
* CVSSv3 Score: 7.3
* CVE-2020-8469 =====[
Overview]============================================================== * System affected : Trend Micro Password Manager Version 5.0[2]
* Impact : An user could obtain SYSTEM privileges. =====[ Detailed
description]================================================== A DLL hijacking vulnerabilty in Trend Micro Password Manager 5.0 on Windows
which
could potentially allow an attacker privileged escalation. more details:
https://sidechannel.tempestsi.com/dll-hijacking-at-the-trend-micro-password-manager-cve-2020-8469-461477b796d8 =====[ Thanks &
Acknowledgements]============================================ - Tempest Security Intelligence [3] =====[ References
]=========================================================== [1] https://cwe.mitre.org/data/definitions/427.html [2] https://helpcenter.trendmicro.com/en-us/article/TMKA-09126 [3] http://www.tempest.com.br =====[ EOF
]==================================================================== _______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/ 

  By Date           By Thread  

Current thread:

  • DLL Hijacking at the Trend Micro Password Manager (CVE-2020–8469) Silton Renato Pereira dos Santos (Jun 23)

Follow me for more information.

Uncategorized

Product categories

Post

July 2020
SMTWTFS
 1234
567891011
12131415161718
19202122232425
262728293031 
X