ID

VAR-190001-0402


TITLE

Trend Micro DataArmor/DriveArmor Pre-Boot Local Privilege Escalation Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2012-0383

DESCRIPTION

Trend Micro DataArmor/DriveArmor is a data protection application. Trend Micro DataArmor/DriveArmor pre-boot has a security vulnerability that allows a local attacker to execute arbitrary code in the login user context and gain access to the DataArmor Recovery Console. Attackers with physical access to the affected system can exploit this issue to escalate privileges and perform unauthorized actions

Trust: 0.99

sources: CNVD: CNVD-2012-0383 // BID: 51656 // IVD: 379243e8-1f76-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 379243e8-1f76-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0383

AFFECTED PRODUCTS

vendor:trend micromodel:drivearmorscope:eqversion:3.0.0

Trust: 1.1

vendor:trend micromodel:dataarmorscope:eqversion:3.0.10

Trust: 0.9

vendor:trend micromodel:drivearmorscope:neversion:3.0.0.439

Trust: 0.3

vendor:trend micromodel:dataarmorscope:neversion:3.0.12.861

Trust: 0.3

vendor:trend micromodel:dataarmorscope:eqversion:3.0.10*

Trust: 0.2

sources: IVD: 379243e8-1f76-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0383 // BID: 51656

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 379243e8-1f76-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 379243e8-1f76-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: 379243e8-1f76-11e6-abef-000c29c66e3d

THREAT TYPE

local

Trust: 0.9

sources: BID: 51656 // CNNVD: CNNVD-201202-016

TYPE

Unknown

Trust: 0.3

sources: BID: 51656

PATCH

title:Trend Micro DataArmor/DriveArmor pre-launch patches for local elevation of privilege vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/8679

Trust: 0.6

sources: CNVD: CNVD-2012-0383

EXTERNAL IDS

db:BIDid:51656

Trust: 1.5

db:CNVDid:CNVD-2012-0383

Trust: 0.8

db:CNNVDid:CNNVD-201202-016

Trust: 0.6

db:IVDid:379243E8-1F76-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 379243e8-1f76-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0383 // BID: 51656 // CNNVD: CNNVD-201202-016

REFERENCES

url:http://www.securityfocus.com/archive/1/521351http

Trust: 0.6

url:http://www.securityfocus.com/bid/51656

Trust: 0.6

url:http://www.mobilearmor.com/dataarmor.php

Trust: 0.3

url:http://www.mobilearmor.com/drivearmor.html

Trust: 0.3

url:http://www.trend.com

Trust: 0.3

url:/archive/1/521351

Trust: 0.3

url:http://esupport.trendmicro.com/solution/en-us/1060043.aspx

Trust: 0.3

sources: CNVD: CNVD-2012-0383 // BID: 51656 // CNNVD: CNNVD-201202-016

CREDITS

Stuart Pass?? of NGS Secure.

Trust: 0.6

sources: CNNVD: CNNVD-201202-016

SOURCES

db:IVDid:379243e8-1f76-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0383
db:BIDid:51656
db:CNNVDid:CNNVD-201202-016

LAST UPDATE DATE

2022-05-17T02:08:47.975000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0383date:2012-02-03T00:00:00
db:BIDid:51656date:2012-01-24T00:00:00
db:CNNVDid:CNNVD-201202-016date:2012-02-07T00:00:00

SOURCES RELEASE DATE

db:IVDid:379243e8-1f76-11e6-abef-000c29c66e3ddate:2012-02-03T00:00:00
db:CNVDid:CNVD-2012-0383date:2012-02-03T00:00:00
db:BIDid:51656date:2012-01-24T00:00:00
db:CNNVDid:CNNVD-201202-016date:1900-01-01T00:00:00