Full Disclosure mailing list archives
DLL Hijacking at the Trend Micro Password Manager (CVE-2020–8469)
From: Silton Renato Pereira dos Santos <silton.santos () tempest com br>
Date: Tue, 23 Jun 2020 14:50:43 -0300
=====[ Tempest Security Intelligence - 2020]========================== Trend Password Manager Author: Silton Santos Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of Contents]===================================================== * Vulnerability Information * Overview * Detailed description * Thanks & Acknowledgements * References =====[ Vulnerability Information]============================================= * Class: Uncontrolled Search Path Element [CWE-427][1] * CVSSv3 Score: 7.3 * CVE-2020-8469 =====[ Overview]============================================================== * System affected : Trend Micro Password Manager Version 5.0[2] * Impact : An user could obtain SYSTEM privileges. =====[ Detailed description]================================================== A DLL hijacking vulnerabilty in Trend Micro Password Manager 5.0 on Windows which could potentially allow an attacker privileged escalation. more details: https://sidechannel.tempestsi.com/dll-hijacking-at-the-trend-micro-password-manager-cve-2020-8469-461477b796d8 =====[ Thanks & Acknowledgements]============================================ - Tempest Security Intelligence [3] =====[ References ]=========================================================== [1] https://cwe.mitre.org/data/definitions/427.html [2] https://helpcenter.trendmicro.com/en-us/article/TMKA-09126 [3] http://www.tempest.com.br =====[ EOF ]==================================================================== _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- DLL Hijacking at the Trend Micro Password Manager (CVE-2020–8469) Silton Renato Pereira dos Santos (Jun 23)