Details of VAR-190001-0402

ID

VAR-190001-0402

TITLE

Trend Micro DataArmor/DriveArmor Pre-Boot Local Privilege Escalation Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2012-0383

DESCRIPTION

Trend Micro DataArmor/DriveArmor is a data protection application. Trend Micro DataArmor/DriveArmor pre-boot has a security vulnerability that allows a local attacker to execute arbitrary code in the login user context and gain access to the DataArmor Recovery Console. Attackers with physical access to the affected system can exploit this issue to escalate privileges and perform unauthorized actions

Trust: 0.99

sources: CNVD: CNVD-2012-0383 // BID: 51656 // IVD: 379243e8-1f76-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 379243e8-1f76-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0383

AFFECTED PRODUCTS

vendor:	trend micro	model:	drivearmor	scope:	eq	version:	3.0.0	Trust: 1.1
vendor:	trend micro	model:	dataarmor	scope:	eq	version:	3.0.10	Trust: 0.9
vendor:	trend micro	model:	drivearmor	scope:	ne	version:	3.0.0.439	Trust: 0.3
vendor:	trend micro	model:	dataarmor	scope:	ne	version:	3.0.12.861	Trust: 0.3
vendor:	trend micro	model:	dataarmor	scope:	eq	version:	3.0.10*	Trust: 0.2

sources: IVD: 379243e8-1f76-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0383 // BID: 51656

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	379243e8-1f76-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

IVD:	379243e8-1f76-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: 379243e8-1f76-11e6-abef-000c29c66e3d

THREAT TYPE

local

Trust: 0.9

sources: BID: 51656 // CNNVD: CNNVD-201202-016

TYPE

Unknown

Trust: 0.3

sources: BID: 51656

PATCH

title:

Trend Micro DataArmor/DriveArmor pre-launch patches for local elevation of privilege vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/8679

Trust: 0.6

sources: CNVD: CNVD-2012-0383

EXTERNAL IDS

db:	BID	id:	51656	Trust: 1.5
db:	CNVD	id:	CNVD-2012-0383	Trust: 0.8
db:	CNNVD	id:	CNNVD-201202-016	Trust: 0.6
db:	IVD	id:	379243E8-1F76-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 379243e8-1f76-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0383 // BID: 51656 // CNNVD: CNNVD-201202-016

REFERENCES

url:	http://www.securityfocus.com/archive/1/521351http	Trust: 0.6
url:	http://www.securityfocus.com/bid/51656	Trust: 0.6
url:	http://www.mobilearmor.com/dataarmor.php	Trust: 0.3
url:	http://www.mobilearmor.com/drivearmor.html	Trust: 0.3
url:	http://www.trend.com	Trust: 0.3
url:	/archive/1/521351	Trust: 0.3
url:	http://esupport.trendmicro.com/solution/en-us/1060043.aspx	Trust: 0.3

sources: CNVD: CNVD-2012-0383 // BID: 51656 // CNNVD: CNNVD-201202-016

CREDITS

Stuart Pass?? of NGS Secure.

Trust: 0.6

sources: CNNVD: CNNVD-201202-016

SOURCES

db:	IVD	id:	379243e8-1f76-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-0383
db:	BID	id:	51656
db:	CNNVD	id:	CNNVD-201202-016

LAST UPDATE DATE

2022-05-17T02:08:47.975000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0383	date:	2012-02-03T00:00:00
db:	BID	id:	51656	date:	2012-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201202-016	date:	2012-02-07T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	379243e8-1f76-11e6-abef-000c29c66e3d	date:	2012-02-03T00:00:00
db:	CNVD	id:	CNVD-2012-0383	date:	2012-02-03T00:00:00
db:	BID	id:	51656	date:	2012-01-24T00:00:00
db:	CNNVD	id:	CNNVD-201202-016	date:	1900-01-01T00:00:00