CVE-2020-25778 — Information Exposure via Error Message in Micro Antivirus FOR MAC

CWE-209 — Information Exposure via Error Message CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.0MEDIUMNVD

EPSS

0.1%

top 70.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Antivirus FOR MAC Trendmicro Antivirus

Timeline

PublishedOct 14

Latest updateMay 24

Description

Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages2 packages

▶NVDtrendmicro/antivirus2019, 2020+1

▶CVEListV5trend_micro/trend_micro_antivirus_for_mac2020 (v10.x)

Patches

Patch: helpcenter.trendmicro.com ↗Patch: helpcenter.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-p329-qr4h-9548: Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and l↗2022-05-24

▶

CVEList

CVE-2020-25778: Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and l↗2020-10-14

▶