lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 23 Jun 2020 14:50:43 -0300
From: Silton Renato Pereira dos Santos <silton.santos@...pest.com.br>
To: fulldisclosure@...lists.org
Subject: [FD] DLL Hijacking at the Trend Micro Password Manager (CVE-2020–8469)

=====[ Tempest Security Intelligence - 2020]==========================

Trend Password Manager
Author: Silton Santos
Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of
Contents]=====================================================

* Vulnerability Information
* Overview
* Detailed description
* Thanks & Acknowledgements
* References

=====[ Vulnerability
Information]=============================================

* Class: Uncontrolled Search Path Element [CWE-427][1]
* CVSSv3 Score: 7.3
* CVE-2020-8469

=====[
Overview]==============================================================

* System affected : Trend Micro Password Manager Version 5.0[2]
* Impact : An user could obtain SYSTEM privileges.

=====[ Detailed
description]==================================================

A DLL hijacking vulnerabilty in Trend Micro Password Manager 5.0 on Windows
which
could potentially allow an attacker privileged escalation.

more details:
https://sidechannel.tempestsi.com/dll-hijacking-at-the-trend-micro-password-manager-cve-2020-8469-461477b796d8


=====[ Thanks &
Acknowledgements]============================================

- Tempest Security Intelligence [3]

=====[ References
]===========================================================

[1] https://cwe.mitre.org/data/definitions/427.html

[2] https://helpcenter.trendmicro.com/en-us/article/TMKA-09126

[3] http://www.tempest.com.br

=====[ EOF
]====================================================================

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists