Vulners
Lucene search
Trend Micro Maximum Security 2019 - Arbitrary Code Execution Vulnerability
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2019-19697 | 14 Oct 202422:12 | – | circl |
 | Trend Micro Security 2019 (Consumer) Arbitrary Code Execution Vulnerability | 19 Jan 202000:00 | – | cnvd |
 | CVE-2019-19697 | 17 Jan 202023:45 | – | cve |
 | CVE-2019-19697 | 17 Jan 202023:45 | – | cvelist |
 | Trend Micro Maximum Security 2019 - Arbitrary Code Execution | 17 Jan 202000:00 | – | exploitdb |
 | EUVD-2019-9306 | 7 Oct 202500:30 | – | euvd |
 | Trend Micro Maximum Security 2019 - Arbitrary Code Execution | 17 Jan 202000:00 | – | exploitpack |
 | CVE-2019-19697 | 18 Jan 202000:15 | – | nvd |
 | Trend Micro Security 2019 Security Bypass Protected Service Tampering | 17 Jan 202000:00 | – | packetstorm |
 | Remote code execution | 18 Jan 202000:15 | – | prion |
10
# Exploit Title: Trend Micro Maximum Security 2019 - Arbitrary Code Execution
# Exploit Author: hyp3rlinx
# Vendor Homepage: www.trendmicro.com
# Version: Platform Microsoft Windows, Premium Security 2019 (v15), Maximum Security 2019 (v15)
# Internet Security 2019 (v15), Antivirus + Security 2019 (v15)
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt
[+] ISR: ApparitionSec
[Vendor]
www.trendmicro.com
[Product]
Trend Micro Security 2019 (Consumer) Multiple Products
Trend Micro Security provides comprehensive protection for your devices.
This includes protection against ransomware, viruses, malware, spyware, and identity theft.
[Vulnerability Type]
Security Bypass Protected Service Tampering
[CVE Reference]
CVE-2019-19697
[Security Issue]
Trend Micro Maximum Security is vulnerable to arbitrary code execution as it allows for creation of registry key to target a process running as SYSTEM.
This can allow a malware to gain elevated privileges to take over and shutdown services that require SYSTEM privileges like Trend Micros "Asmp"
service "coreServiceShell.exe" which does not allow Administrators to tamper with them.
This could allow an attacker or malware to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start.
Note administrator privileges are required to exploit this vulnerability.
[CVSS 3.0 Scores: 3.9]
[Affected versions]
Platform Microsoft Windows
Premium Security 2019 (v15)
Maximum Security 2019 (v15)
Internet Security 2019 (v15)
Antivirus + Security 2019 (v15)
[References]
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx
[Exploit/POC]
1) Create a entry for the following registry key targeting "PtWatchdog.exe" and set the debugger string value to an arbitrary executable to gain SYSTEM privs.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PtWatchdog.exe
2) Create a string named "debugger" under the reg key and give it the value of the executable you wish to run as SYSTEM.
3) Restart the machine or wait until service is restart then you get SYSTEM and can now disable Trend Micro endpoint security coreServiceShell.exe service
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Jan 2020 00:00Current
0.3Low risk
Vulners AI Score0.3
CVSS 3.16.7
CVSS 27.2
EPSS0.00293