=====[ Tempest Security Intelligence - 2020]========================== Trend Password Manager Author: Silton Santos Tempest Security Intelligence - Recife, Pernambuco - Brazil
=====[ Table of Contents]===================================================== * Vulnerability Information * Overview * Detailed description * Thanks & Acknowledgements * References =====[ Vulnerability Information]============================================= * Class: Uncontrolled Search Path Element [CWE-427][1] * CVSSv3 Score: 7.3 * CVE-2020-8469 =====[ Overview]============================================================== * System affected : Trend Micro Password Manager Version 5.0[2] * Impact : An user could obtain SYSTEM privileges. =====[ Detailed description]================================================== A DLL hijacking vulnerabilty in Trend Micro Password Manager 5.0 on Windows which could potentially allow an attacker privileged escalation. more details: https://sidechannel.tempestsi.com/dll-hijacking-at-the-trend-micro-password-manager-cve-2020-8469-461477b796d8 =====[ Thanks & Acknowledgements]============================================ - Tempest Security Intelligence [3] =====[ References ]=========================================================== [1] https://cwe.mitre.org/data/definitions/427.html [2] https://helpcenter.trendmicro.com/en-us/article/TMKA-09126 [3] http://www.tempest.com.br =====[ EOF ]==================================================================== _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
