Vulnerabilites related to Trend Micro - Trend Micro Antivirus for Mac (Consumer)
CVE-2020-25779 (GCVE-0-2020-25779)
Vulnerability from cvelistv5
Published
2020-10-13 15:45
Modified
2024-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Protection Bypass
Summary
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 2020 (v10.x) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v10.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Protection Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-13T15:45:14",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-25779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v10.x)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Protection Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09949",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-25779",
"datePublished": "2020-10-13T15:45:15",
"dateReserved": "2020-09-18T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15366 (GCVE-0-2018-15366)
Vulnerability from cvelistv5
Published
2018-10-23 14:00
Modified
2024-08-05 09:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation
Summary
A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 7.0 (2017) and above |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "105757",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1293/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "7.0 (2017) and above"
}
]
}
],
"datePublic": "2018-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "105757",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1293/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-15366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "7.0 (2017) and above"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "105757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105757"
},
{
"name": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1293/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1293/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-15366",
"datePublished": "2018-10-23T14:00:00",
"dateReserved": "2018-08-16T00:00:00",
"dateUpdated": "2024-08-05T09:54:03.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25777 (GCVE-0-2020-25777)
Vulnerability from cvelistv5
Published
2020-10-14 15:10
Modified
2024-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Protection Bypass
Summary
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 2020 (v10.x) and 2019 (v9.x) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09947"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1242/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v10.x) and 2019 (v9.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Protection Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-14T15:10:22",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09947"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1242/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-25777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v10.x) and 2019 (v9.x)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Protection Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09947",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09947"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1242/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1242/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-25777",
"datePublished": "2020-10-14T15:10:22",
"dateReserved": "2020-09-18T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27014 (GCVE-0-2020-27014)
Vulnerability from cvelistv5
Published
2020-10-29 23:45
Modified
2024-08-04 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Race Condition
Summary
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 2020 (v10.x) and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09974"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1285/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v10.x) and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\\n\\n\\r\\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Race Condition",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-30T20:06:54",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09974"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1285/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-27014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v10.x) and below"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\\n\\n\\r\\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Race Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09974",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09974"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1285/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1285/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-27014",
"datePublished": "2020-10-29T23:45:23",
"dateReserved": "2020-10-12T00:00:00",
"dateUpdated": "2024-08-04T16:03:23.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27013 (GCVE-0-2020-27013)
Vulnerability from cvelistv5
Published
2020-10-14 15:10
Modified
2024-08-04 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Access Control Information Disclosure
Summary
Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 2020 (v10.x) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09950"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1243/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v10.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-14T15:10:23",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09950"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1243/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-27013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v10.x)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09950",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09950"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1243/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1243/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-27013",
"datePublished": "2020-10-14T15:10:23",
"dateReserved": "2020-10-12T00:00:00",
"dateUpdated": "2024-08-04T16:03:23.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18329 (GCVE-0-2018-18329)
Vulnerability from cvelistv5
Published
2018-10-23 14:00
Modified
2024-08-05 11:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation
Summary
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 7.0 (2017) and above |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "105757",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1297/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "7.0 (2017) and above"
}
]
}
],
"datePublic": "2018-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "105757",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1297/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-18329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "7.0 (2017) and above"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "105757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105757"
},
{
"name": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1297/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1297/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-18329",
"datePublished": "2018-10-23T14:00:00",
"dateReserved": "2018-10-15T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27015 (GCVE-0-2020-27015)
Vulnerability from cvelistv5
Published
2020-10-29 23:45
Modified
2024-08-04 16:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 2020 (v10.x) and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v10.x) and below"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-02T20:36:26",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-27015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v10.x) and below"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09975"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1286/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-27015",
"datePublished": "2020-10-29T23:45:23",
"dateReserved": "2020-10-12T00:00:00",
"dateUpdated": "2024-08-04T16:03:23.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15367 (GCVE-0-2018-15367)
Vulnerability from cvelistv5
Published
2018-10-23 14:00
Modified
2024-08-05 09:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation
Summary
A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 7.0 (2017) and above |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1294/"
},
{
"name": "105757",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "7.0 (2017) and above"
}
]
}
],
"datePublic": "2018-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1294/"
},
{
"name": "105757",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-15367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "7.0 (2017) and above"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1294/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1294/"
},
{
"name": "105757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105757"
},
{
"name": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-15367",
"datePublished": "2018-10-23T14:00:00",
"dateReserved": "2018-08-16T00:00:00",
"dateUpdated": "2024-08-05T09:54:03.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25778 (GCVE-0-2020-25778)
Vulnerability from cvelistv5
Published
2020-10-14 15:10
Modified
2024-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 2020 (v10.x) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09948"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1241/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v10.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-14T15:10:23",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09948"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1241/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-25778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v10.x)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09948",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09948"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1241/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1241/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-25778",
"datePublished": "2020-10-14T15:10:23",
"dateReserved": "2020-09-18T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18327 (GCVE-0-2018-18327)
Vulnerability from cvelistv5
Published
2018-10-23 14:00
Modified
2024-08-05 11:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation
Summary
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 7.0 (2017) and above |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "105757",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1295/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "7.0 (2017) and above"
}
]
}
],
"datePublic": "2018-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "105757",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1295/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-18327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "7.0 (2017) and above"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6eDC offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "105757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105757"
},
{
"name": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1295/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1295/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-18327",
"datePublished": "2018-10-23T14:00:00",
"dateReserved": "2018-10-15T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25776 (GCVE-0-2020-25776)
Vulnerability from cvelistv5
Published
2020-10-02 22:00
Modified
2024-08-04 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Symbolic Link Privilege Escalation
Summary
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 2020 (v10.x) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09924"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1236/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v10.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Symbolic Link Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T22:00:17",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09924"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1236/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-25776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v10.x)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Symbolic Link Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09924",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09924"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1236/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1236/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-25776",
"datePublished": "2020-10-02T22:00:17",
"dateReserved": "2020-09-18T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18328 (GCVE-0-2018-18328)
Vulnerability from cvelistv5
Published
2018-10-23 14:00
Modified
2024-08-05 11:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Privilege Escalation
Summary
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Antivirus for Mac (Consumer) |
Version: 7.0 (2017) and above |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1296/"
},
{
"name": "105757",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Antivirus for Mac (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "7.0 (2017) and above"
}
]
}
],
"datePublic": "2018-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1296/"
},
{
"name": "105757",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-18328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Antivirus for Mac (Consumer)",
"version": {
"version_data": [
{
"version_value": "7.0 (2017) and above"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1296/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1296/"
},
{
"name": "105757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105757"
},
{
"name": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2018-18328",
"datePublished": "2018-10-23T14:00:00",
"dateReserved": "2018-10-15T00:00:00",
"dateUpdated": "2024-08-05T11:08:21.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}