ID
VAR-E-201703-0441
CVE
| cve_id: | CVE-2017-5565 | Trust: 0.3 |
TITLE
Multiple Trend Micro Products CVE-2017-5565 DLL Loading Local Code Injection Vulnerability
Trust: 0.3
DESCRIPTION
Multiple Trend Micro products are prone to a local code-injection vulnerability.
A local attacker can exploit this issue to execute arbitrary code in the context of the system running the affected application; this can also result in the attacker gaining complete control of the affected application.
The following products are vulnerable:
Trend Micro Maximum Security 11.0 and prior.
Trend Micro Internet Security 11.0 and prior.
Trend Micro Antivirus+ Security 11.0 and prior.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | trend micro | model: | maximum security | scope: | eq | version: | 10.0.1265 | Trust: 0.3 |
| vendor: | trend micro | model: | maximum security | scope: | eq | version: | 8.0.2063 | Trust: 0.3 |
| vendor: | trend micro | model: | maximum security | scope: | eq | version: | 8.0 | Trust: 0.3 |
| vendor: | trend micro | model: | maximum security | scope: | eq | version: | 11.0 | Trust: 0.3 |
| vendor: | trend micro | model: | maximum security | scope: | eq | version: | 10.0.1186 | Trust: 0.3 |
| vendor: | trend micro | model: | maximum security | scope: | eq | version: | 10.0 | Trust: 0.3 |
| vendor: | trend micro | model: | internet security | scope: | eq | version: | 10.0.1265 | Trust: 0.3 |
| vendor: | trend micro | model: | internet security | scope: | eq | version: | 8.0 | Trust: 0.3 |
| vendor: | trend micro | model: | internet security | scope: | eq | version: | 11.0 | Trust: 0.3 |
| vendor: | trend micro | model: | internet security | scope: | eq | version: | 10.0.1186 | Trust: 0.3 |
| vendor: | trend micro | model: | internet security | scope: | eq | version: | 10.0 | Trust: 0.3 |
| vendor: | trend micro | model: | antivirus+ security | scope: | eq | version: | 11.0 | Trust: 0.3 |
EXPLOIT
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Michael Engstler
Trust: 0.3
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-5565 | Trust: 0.3 |
| db: | BID | id: | 97031 | Trust: 0.3 |
REFERENCES
| url: | https://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/ | Trust: 0.3 |
| url: | http://www.trend.com | Trust: 0.3 |
SOURCES
| db: | BID | id: | 97031 |
LAST UPDATE DATE
2022-07-27T09:56:18.477000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 97031 | date: | 2017-03-29T00:01:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 97031 | date: | 2017-03-21T00:00:00 |