CVE-2022-44654Heap-based Buffer Overflow in Micro INC Trend Micro Apex ONE

CWE-122Heap-based Buffer Overflow3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 38.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro INC Trend Micro Apex ONETrendmicro Apex ONE
Timeline
PublishedDec 12

Description

Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDtrendmicro/apex_one< 14.0.11789+1
CVEListV5trend_micro_inc/trend_micro_apex_oneOn Premise (14.0)14.0.0.11126+1

🔴Vulnerability Details

2
GHSA
GHSA-5cxp-p2q9-w7hr: Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory prot2022-12-12
CVEList
CVE-2022-44654: Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory prot2022-11-21
CVE-2022-44654 — Heap-based Buffer Overflow | cvebase