CVE-2020-8607

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 75.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Antivirus Toolkit Trend Micro Trend Micro Anti-threat Toolkit (attk)Trend Micro Trend Micro Apex ONE +19 more

Timeline

PublishedAug 5

Latest updateMay 24

Description

An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vu…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages22 packages

▶NVDtrendmicro/rootkit_buster2.2

▶CVEListV5trend_micro/trend_micro_rootkit_buster2.2

▶NVDtrendmicro/antivirus_toolkit< 1.62.1240

▶NVDtrendmicro/apex_one2019, saas+1

▶NVDtrendmicro/safe_lock2.0

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-cjwf-2r6c-6h5f: An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could↗2022-05-24

▶

CVEList

CVE-2020-8607: An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could↗2020-08-05

▶

💬Community

Bugzilla

CVE-2019-8607 webkitgtk: Out-of-bounds read leading to memory disclosure↗2020-09-08

▶