CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-35234 – Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-35234
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. Trend Micro Security versiones 2021 y 2022 (Consumer), es susceptible a una vulnerabilidad de divulgación de información de lectura fuera de límites que podría permitir a un atacante leer información confidencial de otras ubicaciones de memoria y causar un bloqueo en un equipo afectado This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the User Mode Hooking Monitor Engine. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-11058 https://www.zerodayinitiative.com/advisories/ZDI-22-962 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33158 – Trend Micro Proxy One Pro Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-33158
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. Trend Micro VPN Proxy versiones 5.2.1026 y anteriores, contiene una vulnerabilidad relacionada con algunas carpetas demasiado permisivas en un directorio clave que podría permitir a un atacante local obtener una escalada de privilegios en un sistema afectado This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Proxy One Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions set on a directory. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-11042 https://www.zerodayinitiative.com/advisories/ZDI-22-853 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-30703 – Trend Micro Internet Security Exposed Dangerous Method Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-30703
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation. Trend Micro Security versiones 2021 y 2022 (Consumer) es susceptible a una vulnerabilidad de método peligroso expuesto que podría permitir a un atacante obtener acceso a direcciones del kernel filtradas y revelar información confidencial. Esta vulnerabilidad también podría ser potencialmente encadenada para una escalada de privilegios This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NCIE Scanner module. • https://helpcenter.trendmicro.com/en-us/article/tmka-11021 https://www.zerodayinitiative.com/advisories/ZDI-22-801 •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30702 – Trend Micro Internet Security Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-30702
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. Trend Micro Security versiones 2022 y 2021 (Consumer) es susceptible a una vulnerabilidad de divulgación de información de lectura fuera de límites que podría permitir a un atacante revelar información confidencial en un equipo afectado This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the NCIE Scanner module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://helpcenter.trendmicro.com/en-us/article/tmka-11022 https://www.zerodayinitiative.com/advisories/ZDI-22-800 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28394
https://notcve.org/view.php?id=CVE-2022-28394
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). CVE de producto EOL - El instalador de Trend Micro Password Manager (Consumer) versiones 3.7.0.1223 y posteriores proporcionado por Trend Micro Incorporated contiene un problema con la ruta de búsqueda de DLL, que puede provocar la carga insegura de bibliotecas de enlace dinámico CWE-427). Tenga en cuenta que este problema se ha detectado en una versión EOL del producto, por lo que se recomienda a los usuarios que actualicen a la última versión compatible (5.x). • https://helpcenter.trendmicro.com/ja-jp/article/TMKA-10977 https://jvn.jp/en/jp/JVN60037444 https://jvn.jp/jp/JVN60037444 • CWE-427: Uncontrolled Search Path Element •