Published:2020/08/06 Last Updated:2020/08/06
JVNVU#94105662
Trend Micro Security (Consumer) Driver vulnerable to Out-of-bounds Read
Overview
Trend Micro Security (Consumer) Driver is vulnerable to Out-of-bounds Read.
Products Affected
- Premium Security 2020 for Windows v16.0.1302 and earlier
- Maximum Security 2020 for Windows v16.0.1302 and earlier
- Internet Security 2020 for Windows v16.0.1302 and earlier
- Antivirus+ 2020 for Windows v16.0.1302 and earlier
Description
Multiple products provided by Trend Micro Incorporated contain Out-of-bounds Read vulnerability (CWE-125).
Impact
A local user may direct the specific driver to do some system call operating on an invalid memory address, resulting in a potential system crash.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Version 16.0.1370 is provided to fix this vulnerability.
Vendor Status
Vendor | Link |
Trend Micro Incorporated | Security Bulletin: Trend Micro Security (Consumer) Driver Invalid Memory Read Vulnerability |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Base Score:
6.0
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | ||
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | ||
Scope(S) | Unchanged (U) | Changed (C) | ||
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Other Information
JPCERT Alert |
|
JPCERT Reports |
|
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2020-15603 |
JVN iPedia |
|