ID

VAR-201703-0719


CVE

CVE-2017-5565


TITLE

Vulnerabilities related to authorization, privileges, and access control in multiple Trend Micro products

Trust: 0.8

sources: JVNDB: JVNDB-2017-002759

DESCRIPTION

Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.

Multiple Trend Micro products are prone to a local code-injection vulnerability. A local attacker can exploit this issue to execute arbitrary code in the context of the system running the affected application; this can also result in the attacker gaining complete control of the affected application.

Trend Micro Internet Security 11.0 and prior. Trend Micro Antivirus+ Security 11.0 and prior.

Trust: 1.89

sources: NVD: CVE-2017-5565 // JVNDB: JVNDB-2017-002759 // BID: 97031

AFFECTED PRODUCTS

vendor: trend micro, model: maximum security, scope: eq, version: 11.0

Trust: 1.1

vendor: trend micro, model: internet security, scope: eq, version: 11.0

Trust: 1.1

vendor: trendmicro, model: maximum security, scope: lte, version: 11.1.1005

Trust: 1.0

vendor: trendmicro, model: internet security, scope: lte, version: 11.1.1005

Trust: 1.0

vendor: trendmicro, model: premium security, scope: lte, version: 11.1.1005

Trust: 1.0

vendor: trendmicro, model: antivirus+, scope: lte, version: 11.1.1005

Trust: 1.0

vendor: trend micro, model: antivirus, scope: eq, version: 11.0

Trust: 0.8

vendor: trend micro, model: premium security, scope: -, version: -

Trust: 0.8

vendor: trendmicro, model: maximum security, scope: eq, version: 11.1.1005

Trust: 0.6

vendor: trendmicro, model: internet security, scope: eq, version: 11.1.1005

Trust: 0.6

vendor: trendmicro, model: antivirus+, scope: eq, version: 11.1.1005

Trust: 0.6

vendor: trendmicro, model: premium security, scope: eq, version: 11.1.1005

Trust: 0.6

vendor: trend micro, model: maximum security, scope: eq, version: 10.0.1265

Trust: 0.3

vendor: trend micro, model: maximum security, scope: eq, version: 8.0.2063

Trust: 0.3

vendor: trend micro, model: maximum security, scope: eq, version: 8.0

Trust: 0.3

vendor: trend micro, model: maximum security, scope: eq, version: 10.0.1186

Trust: 0.3

vendor: trend micro, model: maximum security, scope: eq, version: 10.0

Trust: 0.3

vendor: trend micro, model: internet security, scope: eq, version: 10.0.1265

Trust: 0.3

vendor: trend micro, model: internet security, scope: eq, version: 8.0

Trust: 0.3

vendor: trend micro, model: internet security, scope: eq, version: 10.0.1186

Trust: 0.3

vendor: trend micro, model: internet security, scope: eq, version: 10.0

Trust: 0.3

vendor: trend micro, model: antivirus+ security, scope: eq, version: 11.0

Trust: 0.3

sources: BID: 97031 // JVNDB: JVNDB-2017-002759 // CNNVD: CNNVD-201703-938 // NVD: CVE-2017-5565

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-5565
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-5565
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201703-938
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2017-5565
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2017-5565
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2017-002759 // CNNVD: CNNVD-201703-938 // NVD: CVE-2017-5565

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2017-002759 // NVD: CVE-2017-5565

THREAT TYPE

local

Trust: 0.9

sources: BID: 97031 // CNNVD: CNNVD-201703-938

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201703-938

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002759

PATCH

title: SECURITY BULLETIN: Trend Micro Products and the DoubleAgent Security Issue
url: https://success.trendmicro.com/solution/1116957

Trust: 0.8

title: Trend Micro Maximum Security, Internet Security And Antivirus+ Security Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68668

Trust: 0.6

sources: JVNDB: JVNDB-2017-002759 // CNNVD: CNNVD-201703-938

EXTERNAL IDS

db: NVD, id: CVE-2017-5565

Trust: 2.7

db: BID, id: 97031

Trust: 2.7

db: SECTRACK, id: 1038206

Trust: 1.6

db: JVNDB, id: JVNDB-2017-002759

Trust: 0.8

db: CNNVD, id: CNNVD-201703-938

Trust: 0.6

Trust: 0.6

sources: BID: 97031 // JVNDB: JVNDB-2017-002759 // CNNVD: CNNVD-201703-938 // NVD: CVE-2017-5565

REFERENCES

url:http://www.securityfocus.com/bid/97031

Trust: 2.4

url:http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/

Trust: 1.9

url:https://success.trendmicro.com/solution/1116957

Trust: 1.6

url:http://www.securitytracker.com/id/1038206

Trust: 1.6

url:http://cybellum.com/doubleagent-taking-full-control-antivirus/

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5565

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-5565

Trust: 0.8

url:http://www.trend.com

Trust: 0.3

sources: BID: 97031 // JVNDB: JVNDB-2017-002759 // CNNVD: CNNVD-201703-938 // NVD: CVE-2017-5565

CREDITS

Michael Engstler

Trust: 0.3

sources: BID: 97031

SOURCES

db: BID, id: 97031
db: JVNDB, id: JVNDB-2017-002759
db: CNNVD, id: CNNVD-201703-938
db: NVD, id: CVE-2017-5565

LAST UPDATE DATE

2024-11-23T22:18:03.771000+00:00


SOURCES UPDATE DATE

db: BID, id: 97031, date: 2017-03-29T00:01:00
db: JVNDB, id: JVNDB-2017-002759, date: 2017-04-27T00:00:00
db: CNNVD, id: CNNVD-201703-938, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-5565, date: 2024-11-21T03:27:53.620

SOURCES RELEASE DATE

db: BID, id: 97031, date: 2017-03-21T00:00:00
db: JVNDB, id: JVNDB-2017-002759, date: 2017-04-27T00:00:00
db: CNNVD, id: CNNVD-201703-938, date: 2017-03-22T00:00:00
db: NVD, id: CVE-2017-5565, date: 2017-03-21T16:59:00.287