CVE-2020-8607
Published: Aug 5, 2020
Modified: Aug 4, 2024
Description
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.
| Vendor | Product | Versions |
|---|---|---|
Trend Micro | Trend Micro Apex One | affected 2019 (On premise), SaaS |
Trend Micro | Trend Micro OfficeScan | affected XG SP1 |
Trend Micro | Trend Micro Deep Security | affected 12.x, 11.x. 10.x |
Trend Micro | Trend Micro Worry-Free Business Security | affected 10.0 SP1, Services (SaaS) |
Trend Micro | Trend Micro Security (Consumer Family) | affected 2020 (v16), 2019 (v15) |
Trend Micro | Trend Micro Safe Lock | affected 2.0 SP1, TXOne Ed |
Trend Micro | Trend Micro ServerProtect | affected SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8 |
Trend Micro | Trend Micro Portable Security | affected 3.x, 2.x |
Trend Micro | Trend Micro HouseCall | affected 8.0 |
Trend Micro | Trend Micro Anti-Threat Toolkit (ATTK) | affected 1.62.1240 and below |
Trend Micro | Trend Micro Rootkit Buster | affected 2.2 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now