[Japanese]

JVNDB-2020-007306

Trend Micro Security (Consumer) Driver vulnerable to Out-of-bounds Read

Overview

Trend Micro Security (Consumer) Driver is vulnerable to Out-of-bounds Read.

Multiple products provided by Trend Micro Incorporated contain Out-of-bounds Read vulnerability (CWE-125).

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.0 (Medium) [NVD Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
Affected Products


Trend Micro, Inc.
  • Antivirus+ 2020 for Windows v16.0.1302 and earlier
  • Internet Security 2020 for Windows v16.0.1302 and earlier
  • Trend Micro Maximum Security 2020 for Windows v16.0.1302 and earlier
  • Trend Micro Premium Security 2020 for Windows v16.0.1302 and earlier

Impact

A local user may direct the specific driver to do some system call operating on an invalid memory address, resulting in a potential system crash.
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.

Version 16.0.1370 is provided to fix this vulnerability.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

  1. Out-of-bounds Read(CWE-125) [Other]
CVE (What is CVE?)

  1. CVE-2020-15603
References

  1. JVN : JVNVU#94105662
  2. National Vulnerability Database (NVD) : CVE-2020-15603
Revision History

  • [2024/08/20]
      Web page was published