DLL Hijacking at the Trend Micro Password Manager (CVE-2020–8469)

[Silton Renato Pereira dos Santos <silton.santos () tempest com br>]

=====[ Tempest Security Intelligence - 2020]==========================

Trend Password Manager
Author: Silton Santos
Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of
Contents]=====================================================

* Vulnerability Information
* Overview
* Detailed description
* Thanks & Acknowledgements
* References

=====[ Vulnerability
Information]=============================================

* Class: Uncontrolled Search Path Element [CWE-427][1]
* CVSSv3 Score: 7.3
* CVE-2020-8469

=====[
Overview]==============================================================

* System affected : Trend Micro Password Manager Version 5.0[2]
* Impact : An user could obtain SYSTEM privileges.

=====[ Detailed
description]==================================================

A DLL hijacking vulnerabilty in Trend Micro Password Manager 5.0 on Windows
which
could potentially allow an attacker privileged escalation.

more details:
https://sidechannel.tempestsi.com/dll-hijacking-at-the-trend-micro-password-manager-cve-2020-8469-461477b796d8


=====[ Thanks &
Acknowledgements]============================================

- Tempest Security Intelligence [3]

=====[ References
]===========================================================

[1] https://cwe.mitre.org/data/definitions/427.html

[2] https://helpcenter.trendmicro.com/en-us/article/TMKA-09126

[3] http://www.tempest.com.br

=====[ EOF
]====================================================================

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/