Multiple vulnerabilities in Trend Micro Worry-Free Business Security
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2022-44649 CVE-2022-44650 CVE-2022-44654 CVE-2022-45798 |
| CWE-ID | CWE-787 CWE-119 CWE-254 CWE-59 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Worry-Free Business Security Client/Desktop applications / Software for system administration |
| Vendor | Trend Micro |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU69185
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-44649
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Unauthorized Change Prevention service. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsWorry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 Patch 2390
External linkshttp://success.trendmicro.com/dcx/s/solution/000292202?language=en_US
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU69186
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-44650
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Unauthorized Change Prevention service. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsWorry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 Patch 2390
External linkshttp://success.trendmicro.com/dcx/s/solution/000292202?language=en_US
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security features bypass
EUVDB-ID: #VU69190
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-44654
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to presence of a monitor engine component that is complied without the /SAFESEH memory protection mechanism, which helps to monitor for malicious payloads. A remote attacker can abuse this to perform a denial of service attack against the antimalware engine.
Install update from vendor's website.
Vulnerable software versionsWorry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 Patch 2390
External linkshttp://success.trendmicro.com/dcx/s/solution/000292202?language=en_US
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Link following
EUVDB-ID: #VU69909
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-45798
CWE-ID:
CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Exploit availability: No
DescriptionThe vulnerability allows a local user to delete arbitrary files on the system.
The
vulnerability exists due to insecure symlink following issue in the Damage Cleanup Engine component. A local user can
create a specially crafted symbolic link to a critical file on the
system and delete it.
Install update from vendor's website.
Vulnerable software versionsWorry-Free Business Security: 10 SP1 Patch 2203 - 10.0 SP1 Patch 2390
External linkshttp://success.trendmicro.com/dcx/s/solution/000292202?language=en_US
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
