CVE-2017-5565

CWE-4273 documents3 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 68.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Antivirus\+Trendmicro Internet Security Trendmicro Maximum Security +1 more

Timeline

PublishedMar 21

Latest updateMay 13

Description

Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Prov…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶NVDtrendmicro/maximum_security11.1.1005

▶NVDtrendmicro/internet_security11.1.1005

▶NVDtrendmicro/premium_security11.1.1005

▶NVDtrendmicro/antivirus\+11.1.1005

🔴Vulnerability Details

GHSA

GHSA-cm6q-r84p-pcwg: Code injection vulnerability in Trend Micro Maximum Security 11↗2022-05-13

▶

CVEList

CVE-2017-5565: Code injection vulnerability in Trend Micro Maximum Security 11↗2017-03-21

▶