[Japanese]

JVNDB-2020-000013

Multiple Trend Micro products vulnerable to denial-of-service (DoS)

Overview

Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows provided by Trend Micro Incorporated contain a denial-of-service (DoS) vulnerability (CWE-400).

BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.2 (Medium) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 2.1 (Low) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


Trend Micro, Inc.
  • Antivirus + Security 2019 for Windows version 15
  • Internet Security 2019 for Windows version 15
  • Trend Micro Maximum Security 2019 for Windows version 15
  • Trend Micro Premium Security 2019 for Windows version 15

According to the developer, Premium Security 2020 for Windows version 16, Maximum Security 2020 for Windows version 16, Internet Security 2020 for Windows version 16, and Antivirus+ Security 2020 for Windows version 16 are not affected by this vulnerability.
Impact

An attacker may disable Premium Security 2019 for Windows, Maximum Security 2019 for Windows, Internet Security 2019 for Windows, and Antivirus+ Security 2019 for Windows.
Solution

[Update the software]
Update to the latest version according to the information provided by the developer.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2019-19694
References

  1. JVN : JVN#02921757
Revision History

  • [2020/02/14]
      Web page was published