lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 20 Aug 2019 14:55:55 -0300
From: Silton Renato Pereira dos Santos <>
Subject: [FD] Unquoted Path - Trend Micro

=====[ Tempest Security Intelligence - ADV-02/2019

Trend Maximum Security 2019
Author: Silton Santos
Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of

* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability

* Class: Unquoted Search Path or Element [CWE-428][1]
* CVE-2019-14685


* System affected : Trend Maximum Security 2019.[2]
* Impact : An user could obtain SYSTEM privileges.

=====[ Detailed

This application provide a unquoted path in the parameter lpApplicationName
of the function CreateProcessW during process create PwmConsole.exe ---
which is triggered from the feature PC Health Checkup.

If an attacker has write permissions to C:\ or C:\Program Files\, it could
deliver an arbitrary executable named  Program.exe or Trend.exe which would
be executed by the coreServiceShell process.

coreServiceShell is a privileged process that will run Program.exe with
same privilege.

More Details:ção-de-privilégios-no-windows-471403d53b68

=====[ Timeline of

* 24/04/2019 - Responsible disclosure started with Trend Micro;
* 25/04/2019 - Analysis of the issue is started;
* 10/05/2019 - Trend Micro requires more information about the PoC;
* 22/05/2019 - Vendor developed and sent patch and asked for an analysis of
the fix;
* 28/05/2019 - Trend Micro thanked for the help and mentioned the process
os aknowledgement
(which includes the CVE reservation and Security Advisory post in in their
* 31/07/2019 - Vendor issued a new patch and sent it to be analysed;
* 13/08/2019 - CVE-2019-14685 was reserved, and a link to security advisory
was provided.

=====[ Thanks &

- Tempest Security Intelligence [3]

=====[ References




=====[ EOF

Download attachment "advtrend" of type "application/octet-stream" (2624 bytes)

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists