Advertisement






Trend Maximum Security 2019 Unquoted Search Path

CVE Category Price Severity
CVE-2019-14685 CWE-428 Not disclosed High
Author Risk Exploitation Type Date
Alexis Parubets High Local 2019-08-27
CPE
cpe:cpe:/a:trendmicro:maximum_security:2019
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019080136

Below is a copy:

Trend Maximum Security 2019 Unquoted Search Path
=====[ Tempest Security Intelligence - ADV-02/2019 ]==========================

Trend Maximum Security 2019
Author: Silton Santos
Tempest Security Intelligence - Recife, Pernambuco - Brazil

=====[ Table of Contents]=====================================================

* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability Information]=============================================

* Class: Unquoted Search Path or Element [CWE-428][1]
* CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2019-14685

=====[ Overview]==============================================================

* System affected : Trend Maximum Security 2019.[2]
* Impact : An user could obtain SYSTEM privileges.

=====[ Detailed description]==================================================

This application provide a unquoted path in the parameter lpApplicationName 
of the function CreateProcessW during process create PwmConsole.exe --- 
which is triggered from the feature PC Health Checkup.

If an attacker has write permissions to C:\ or C:\Program Files\, it could 
deliver an arbitrary executable named  Program.exe or Trend.exe which would 
be executed by the coreServiceShell process.

coreServiceShell is a privileged process that will run Program.exe with same privilege.

More Details: https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escalao-de-privilgios-no-windows-471403d53b68


=====[ Timeline of disclosure]===============================================

* 24/04/2019 - Responsible disclosure started with Trend Micro;
* 25/04/2019 - Analysis of the issue is started;
* 10/05/2019 - Trend Micro requires more information about the PoC;
* 22/05/2019 - Vendor developed and sent patch and asked for an analysis of the fix;
* 28/05/2019 - Trend Micro thanked for the help and mentioned the process os aknowledgement 
(which includes the CVE reservation and Security Advisory post in in their webpage);
* 31/07/2019 - Vendor issued a new patch and sent it to be analysed;
* 13/08/2019 - CVE-2019-14685 was reserved, and a link to security advisory was provided.


=====[ Thanks & Acknowledgements]============================================

- Tempest Security Intelligence [3]

=====[ References ]===========================================================

[1] https://cwe.mitre.org/data/definitions/428.html

[2] https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx

[3] http://www.tempest.com.br

=====[ EOF ]====================================================================

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum