CVE-2020-8607
N/A
N/A
Summary
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Trend Micro | Trend Micro Apex One | 2019 (On premise), SaaS | affected |
| Trend Micro | Trend Micro OfficeScan | XG SP1 | affected |
| Trend Micro | Trend Micro Deep Security | 12.x, 11.x. 10.x | affected |
| Trend Micro | Trend Micro Worry-Free Business Security | 10.0 SP1, Services (SaaS) | affected |
| Trend Micro | Trend Micro Security (Consumer Family) | 2020 (v16), 2019 (v15) | affected |
| Trend Micro | Trend Micro Safe Lock | 2.0 SP1, TXOne Ed | affected |
| Trend Micro | Trend Micro ServerProtect | SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8 | affected |
| Trend Micro | Trend Micro Portable Security | 3.x, 2.x | affected |
| Trend Micro | Trend Micro HouseCall | 8.0 | affected |
| Trend Micro | Trend Micro Anti-Threat Toolkit (ATTK) | 1.62.1240 and below | affected |
| Trend Micro | Trend Micro Rootkit Buster | 2.2 | affected |
Weaknesses
- Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
- https://success.trendmicro.com/solution/000260713
- https://success.trendmicro.com/jp/solution/000260748
- https://jvn.jp/vu/JVNVU99160193/
- https://jvn.jp/en/vu/JVNVU99160193/index.html
References
- https://success.trendmicro.com/solution/000260713
- https://success.trendmicro.com/jp/solution/000260748
- https://jvn.jp/vu/JVNVU99160193/
- https://jvn.jp/en/vu/JVNVU99160193/index.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.