SB2017062704 - Two vulnerabilities in Trend Micro Internet Security

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017062704

SB2017062704 - Two vulnerabilities in Trend Micro Internet Security

Published: June 27, 2017

Security Bulletin ID SB2017062704
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Null pointer dereference (CVE-ID: N/A)

The vulnerability allows a local attacker to cause DoS condition on the target system.
 
The weakness exists due to a pointer dereference error in 'tmusa.sys' in processing IOCTL 0x00222813. A local attacker can run a specially crafted application and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

2) Race condition (CVE-ID: N/A)

The vulnerability allows a local attacker to gain elevated privileges on the target system.
 
The weakness exists due to  a race condition in 'tmusa.sys' in processing IOCTL 0x222813. A local attacker can run a specially crafted application to modify a field used by the kernel and gain system privileges.

Successful exploitation of the vulnerability results in privilege escalation.

Remediation

Install update from vendor's website.

References