Page 26 of 140 results (0.009 seconds)

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0

A vulnerability in an Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services dll may allow an attacker to manipulate it to cause an out-of-bounds read that crashes multiple processes in the product. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad en una dll de Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 y Worry-Free Business Security Services dll, puede permitir a un atacante manipularla para causar una lectura fuera de límites que bloquee varios procesos en el producto. Un atacante debe primero obtener la capacidad de ejecutar código poco privilegiado en el sistema de objetivo para explotar esta vulnerabilidad This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within OfcPIPC_64x.dll. • https://success.trendmicro.com/solution/000263632 https://success.trendmicro.com/solution/000267260 https://www.zerodayinitiative.com/advisories/ZDI-20-1095 • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. Una vulnerabilidad en Trend Micro Apex One y Worry-Free Business Security 10.0 SP1 en Microsoft Windows puede permitir a un atacante manipular una carpeta de un producto en particular para deshabilitar la seguridad temporalmente, violar una función específica de Windows y lograr una escalada de privilegios. Un atacante debe primero obtener la capacidad de ejecutar código poco privilegiado en el sistema objetivo para explotar esta vulnerabilidad. • https://success.trendmicro.com/solution/000263632 https://success.trendmicro.com/solution/000267260 https://www.zerodayinitiative.com/advisories/ZDI-20-1094 •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected. Una vulnerabilidad en Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 y Worry-Free Business Security Services en Microsoft Windows, puede permitir a un atacante crear un enlace físico para cualquier archivo en el sistema, que luego podría manipularse para obtener una escalada de privilegios y una ejecución de código. Un atacante debe primero obtener la capacidad de ejecutar código poco privilegiado en el sistema objetivo para explotar esta vulnerabilidad. • https://success.trendmicro.com/solution/000263632 https://success.trendmicro.com/solution/000263633 https://success.trendmicro.com/solution/000267260 https://www.zerodayinitiative.com/advisories/ZDI-20-1093 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as root. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad en Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 y Worry-Free Business Security Services en macOS, puede permitir a un atacante manipular un determinado binario para cargar y ejecutar un script desde una carpeta editable por el usuario, lo que luego les permitiría ejecutar código arbitrario como root. Un atacante debe primero obtener la capacidad de ejecutar código poco privilegiado en el sistema objetivo para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ApexOne Security Agent. • https://success.trendmicro.com/solution/000263632 https://success.trendmicro.com/solution/000267260 https://www.zerodayinitiative.com/advisories/ZDI-20-1096 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2EPSS: 0%CPEs: 25EXPL: 0

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability. Una vulnerabilidad de comprobación de entrada que se encuentra en varios productos de Trend Micro que usan una versión particular de un controlador de protección de rootkit específico, podría permitir a un atacante en modo usuario con permisos de administrador abusar del controlador para modificar una dirección del kernel que puede causar un bloqueo del sistema o potencialmente conllevar a una ejecución de código en modo kernel. Un atacante ya debe haber obtenido acceso de administrador en la máquina de destino (legítimamente o mediante un ataque no relacionado separado) para explotar esta vulnerabilidad • https://jvn.jp/en/vu/JVNVU99160193/index.html https://jvn.jp/vu/JVNVU99160193 https://success.trendmicro.com/jp/solution/000260748 https://success.trendmicro.com/solution/000260713 • CWE-20: Improper Input Validation •