Date: Tue, 23 Jun 2020 14:50:43 -0300
From: Silton Renato Pereira dos Santos <silton.santos@...pest.com.br>
To: fulldisclosure@...lists.org
Subject: [FD] DLL Hijacking at the Trend Micro Password Manager (CVE-2020-8469)

=====[ Tempest Security Intelligence - 2020]==========================

Trend Password Manager

Author: Silton Santos

Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents]=====================================================

* Vulnerability Information
* Overview
* Detailed description
* Thanks & Acknowledgements
* References

=====[ Vulnerability Information]=============================================

* Class: Uncontrolled Search Path Element [CWE-427][1]
* CVSSv3 Score: 7.3
* CVE-2020-8469

=====[ Overview]==============================================================

* System affected : Trend Micro Password Manager Version 5.0[2]
* Impact : A user could obtain SYSTEM privileges.

=====[ Detailed description]==================================================

A DLL hijacking vulnerability in Trend Micro Password Manager 5.0 on Windows
which could potentially allow an attacker privilege escalation.

More details:
https://sidechannel.tempestsi.com/dll-hijacking-at-the-trend-micro-password-manager-cve-2020-8469-461477b796d8

=====[ Thanks & Acknowledgements]============================================

- Tempest Security Intelligence [3]

=====[ References ]===========================================================

[1] https://cwe.mitre.org/data/definitions/427.html
[2] https://helpcenter.trendmicro.com/en-us/article/TMKA-09126
[3] http://www.tempest.com.br

=====[ EOF ]====================================================================

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/