Below is a copy: Trend Maximum Security 2019 Unquoted Search Path
=====[ Tempest Security Intelligence - ADV-02/2019 ]==========================
Trend Maximum Security 2019
Author: Silton Santos
Tempest Security Intelligence - Recife, Pernambuco - Brazil
=====[ Table of Contents]=====================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References
=====[ Vulnerability Information]=============================================
* Class: Unquoted Search Path or Element [CWE-428][1]
* CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2019-14685
=====[ Overview]==============================================================
* System affected : Trend Maximum Security 2019.[2]
* Impact : An user could obtain SYSTEM privileges.
=====[ Detailed description]==================================================
This application provide a unquoted path in the parameter lpApplicationName
of the function CreateProcessW during process create PwmConsole.exe ---
which is triggered from the feature PC Health Checkup.
If an attacker has write permissions to C:\ or C:\Program Files\, it could
deliver an arbitrary executable named Program.exe or Trend.exe which would
be executed by the coreServiceShell process.
coreServiceShell is a privileged process that will run Program.exe with same privilege.
More Details: https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escalao-de-privilgios-no-windows-471403d53b68
=====[ Timeline of disclosure]===============================================
* 24/04/2019 - Responsible disclosure started with Trend Micro;
* 25/04/2019 - Analysis of the issue is started;
* 10/05/2019 - Trend Micro requires more information about the PoC;
* 22/05/2019 - Vendor developed and sent patch and asked for an analysis of the fix;
* 28/05/2019 - Trend Micro thanked for the help and mentioned the process os aknowledgement
(which includes the CVE reservation and Security Advisory post in in their webpage);
* 31/07/2019 - Vendor issued a new patch and sent it to be analysed;
* 13/08/2019 - CVE-2019-14685 was reserved, and a link to security advisory was provided.
=====[ Thanks & Acknowledgements]============================================
- Tempest Security Intelligence [3]
=====[ References ]===========================================================
[1] https://cwe.mitre.org/data/definitions/428.html
[2] https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx
[3] http://www.tempest.com.br
=====[ EOF ]====================================================================
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum