Published: 2020/08/06  Last Updated: 2020/08/06

JVNVU#94105662
Trend Micro Security (Consumer) Driver vulnerable to Out-of-bounds Read

Overview

Trend Micro Security (Consumer) Driver is vulnerable to Out-of-bounds Read.

Products Affected

  • Premium Security 2020 for Windows v16.0.1302 and earlier
  • Maximum Security 2020 for Windows v16.0.1302 and earlier
  • Internet Security 2020 for Windows v16.0.1302 and earlier
  • Antivirus+ 2020 for Windows v16.0.1302 and earlier

Description

Multiple products provided by Trend Micro Incorporated contain an out-of-bounds read vulnerability (CWE-125).

Impact

A local user may cause the affected driver to perform a system call that operates on an invalid memory address, which can result in a system crash.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Version 16.0.1370 is provided to fix this vulnerability.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Base Score: 6.0
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality Impact (C): None (N)
Integrity Impact (I): None (N)
Availability Impact (A): High (H)

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

CVE: CVE-2020-15603