exploit the possibilities

Trend Micro Security (Consumer) Arbitrary Code Execution

Trend Micro Security (Consumer) Arbitrary Code Execution
Posted Jan 17, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and obtain persistence on a vulnerable system.

tags | exploit
advisories | CVE-2019-20357
MD5 | d94d6061aaad9782bb11838c46318d2c

Trend Micro Security (Consumer) Arbitrary Code Execution

Change Mirror Download
[+] Credits: John Page (aka hyp3rlinx)    
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec


[Vendor]
www.trendmicro.com


[Product(s)]
Trend Micro Security (Consumer) Multiple Products


Trend Micro Security provides comprehensive protection for your devices.
This includes protection against ransomware, viruses, malware, spyware, and identity theft.


[Vulnerability Type]
Persistent Arbitrary Code Execution


[CVE Reference]
CVE-2019-20357


[CVSSv3 Scores: 6.7]


[Security Issue]
Trend Micro Security can potentially allow an attackers to use a malicious program to escalate privileges
to SYSTEM integrity and attain persistence on a vulnerable system.


[Product Affected Versions]
Platform Microsoft Windows

Premium Security 2019 (v15) and 2020 (v16)

Maximum Security
2019 (v15) and 2020 (v16)

Internet Security
2019 (v15) and 2020 (v16)

Antivirus + Security
2019 (v15) and 2020 (v16)


[References]
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx

[Exploit/POC]
Compile C test code "Program.c"

void main(void){
puts("Done!");
system("pause");
}

1) Place under c:\ dir.
2) Reboot the machine, the coreServiceShell.exe service loads and executes our binary with SYSTEM integrity.



[Network Access]
Local


[Severity]
Medium



[Disclosure Timeline]
Vendor Notification: October 8, 2019
vendor advisory: January 15, 2020
January 16, 2020 : Public Disclosure



[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
or exploits by the author or elsewhere. All content (c).

hyp3rlinx
Login or Register to add favorites

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    1 Files
  • 24
    Jan 24th
    1 Files
  • 25
    Jan 25th
    36 Files
  • 26
    Jan 26th
    26 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close