Published:2020/08/06 Last Updated:2020/08/06
JVNVU#94105662
Trend Micro Security (Consumer) Driver vulnerable to Out-of-bounds Read
Overview
Trend Micro Security (Consumer) Driver is vulnerable to Out-of-bounds Read.
Products Affected
- Premium Security 2020 for Windows v16.0.1302 and earlier
- Maximum Security 2020 for Windows v16.0.1302 and earlier
- Internet Security 2020 for Windows v16.0.1302 and earlier
- Antivirus+ 2020 for Windows v16.0.1302 and earlier
Description
Multiple products provided by Trend Micro Incorporated contain Out-of-bounds Read vulnerability (CWE-125).
Impact
A local user may direct the specific driver to do some system call operating on an invalid memory address, resulting in a potential system crash.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Version 16.0.1370 is provided to fix this vulnerability.
Vendor Status
| Vendor | Link |
| Trend Micro Incorporated | Security Bulletin: Trend Micro Security (Consumer) Driver Invalid Memory Read Vulnerability |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Base Score:
6.0
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2020-15603 |
| JVN iPedia |
|