=====[ Tempest Security Intelligence - ADV-02/2019 ]==========================

  Trend Maximum Security 2019

  Author: Silton Santos

  Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents]=====================================================

* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability Information]=============================================

* Class: Unquoted Search Path or Element [CWE-428][1]
* CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2019-14685

=====[ Overview]==============================================================

* System affected : Trend Maximum Security 2019.[2]
* Impact : A user could obtain SYSTEM privileges.

=====[ Detailed description]==================================================

The application passes an unquoted path in the lpApplicationName parameter of
the CreateProcessW function when it creates the PwmConsole.exe process, which
is triggered by the PC Health Checkup feature.

If an attacker has write permissions to C:\ or C:\Program Files\, they could
place an arbitrary executable named Program.exe or Trend.exe there, and it
would be executed by the coreServiceShell process. coreServiceShell is a
privileged process, so Program.exe runs with the same privilege.

More Details: https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escalação-de-privilégios-no-windows-471403d53b68

=====[ Timeline of disclosure]===============================================

* 24/04/2019 - Responsible disclosure started with Trend Micro;
* 25/04/2019 - Analysis of the issue is started;
* 10/05/2019 - Trend Micro requested more information about the PoC;
* 22/05/2019 - Vendor developed and sent a patch and asked for an analysis of
  the fix;
* 28/05/2019 - Trend Micro thanked us for the help and mentioned the process
  of acknowledgement (which includes the CVE reservation and a Security
  Advisory post on their webpage);
* 31/07/2019 - Vendor issued a new patch and sent it to be analysed;
* 13/08/2019 - CVE-2019-14685 was reserved, and a link to the security
  advisory was provided.

=====[ Thanks & Acknowledgements]============================================

- Tempest Security Intelligence [3]

=====[ References ]===========================================================

[1] https://cwe.mitre.org/data/definitions/428.html
[2] https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx
[3] http://www.tempest.com.br

=====[ EOF ]====================================================================
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
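
Added example, not part of the original advisory and not vendor code: a Python audit helper for the CWE-428 condition in the "Detailed description" section. It lists the file names that the documented CreateProcess parsing order tries for an unquoted command line containing spaces, and the directories whose write ACLs therefore matter. The sample path is constructed (the advisory does not give the real install path) and all function names are hypothetical.

```python
import ntpath
import os
import re

# Constructed sample path, NOT the product's real install location.
SAMPLE = r"C:\Program Files\Trend Placeholder Dir\PwmConsole.exe"

def planted_name_candidates(command_line):
    """Paths tried before the intended image when the path is unquoted."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        return []  # quoted image path: spaces are not ambiguous
    found = []
    for match in re.finditer(r" +", cmd):
        prefix = cmd[:match.start()]
        # Heuristic (assumption): the first prefix ending in .exe is the
        # intended image; anything after it is arguments.
        if prefix.lower().endswith(".exe"):
            return found
        # A name without an extension gets ".exe" appended.
        has_ext = bool(ntpath.splitext(prefix)[1])
        found.append(prefix if has_ext else prefix + ".exe")
    # No arguments: the whole string must be the image, else we cannot tell.
    return found if cmd.lower().endswith(".exe") else []

def directories_to_review(command_line):
    """Directories that must not be writable by unprivileged users."""
    dirs = []
    for candidate in planted_name_candidates(command_line):
        parent = ntpath.dirname(candidate)
        if parent not in dirs:
            dirs.append(parent)
    return dirs

def present_on_disk(command_line, exists=os.path.exists):
    """Candidates that already exist: worth investigating on a real host."""
    return [c for c in planted_name_candidates(command_line) if exists(c)]

if __name__ == "__main__":
    for label, cmd in (("unquoted", SAMPLE), ("quoted", f'"{SAMPLE}"')):
        print(label, planted_name_candidates(cmd), directories_to_review(cmd))
```

Run `present_on_disk` on the Windows host itself; for the constructed sample the directories reported are C:\ and C:\Program Files, the two locations the advisory names.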