Trend Maximum Security 2019 suffers from an unquoted search path vulnerability. This application provides an unquoted path in the parameter lpApplicationName of the function CreateProcessW during process create PwmConsole.exe --- which is triggered from the feature PC Health Checkup. If an attacker has write permissions to C:\ or C:\Program Files\, it could deliver an arbitrary executable named Program.exe or Trend.exe which would be executed by the coreServiceShell process. coreServiceShell is a privileged process that will run Program.exe with same privilege.
52269680ae8182e23a23e0158bbab33cb0478d44d1cb16eba85bdedcdf6abff8=====[ Tempest Security Intelligence - ADV-02/2019 ]==========================
Trend Maximum Security 2019
Author: Silton Santos
Tempest Security Intelligence - Recife, Pernambuco - Brazil
=====[ Table of Contents]=====================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References
=====[ Vulnerability Information]=============================================
* Class: Unquoted Search Path or Element [CWE-428][1]
* CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
* CVE-2019-14685
=====[ Overview]==============================================================
* System affected : Trend Maximum Security 2019.[2]
* Impact : An user could obtain SYSTEM privileges.
=====[ Detailed description]==================================================
This application provide a unquoted path in the parameter lpApplicationName
of the function CreateProcessW during process create PwmConsole.exe ---
which is triggered from the feature PC Health Checkup.
If an attacker has write permissions to C:\ or C:\Program Files\, it could
deliver an arbitrary executable named Program.exe or Trend.exe which would
be executed by the coreServiceShell process.
coreServiceShell is a privileged process that will run Program.exe with same privilege.
More Details: https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escalação-de-privilégios-no-windows-471403d53b68
=====[ Timeline of disclosure]===============================================
* 24/04/2019 - Responsible disclosure started with Trend Micro;
* 25/04/2019 - Analysis of the issue is started;
* 10/05/2019 - Trend Micro requires more information about the PoC;
* 22/05/2019 - Vendor developed and sent patch and asked for an analysis of the fix;
* 28/05/2019 - Trend Micro thanked for the help and mentioned the process os aknowledgement
(which includes the CVE reservation and Security Advisory post in in their webpage);
* 31/07/2019 - Vendor issued a new patch and sent it to be analysed;
* 13/08/2019 - CVE-2019-14685 was reserved, and a link to security advisory was provided.
=====[ Thanks & Acknowledgements]============================================
- Tempest Security Intelligence [3]
=====[ References ]===========================================================
[1] https://cwe.mitre.org/data/definitions/428.html
[2] https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx
[3] http://www.tempest.com.br
=====[ EOF ]====================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed