cvelistv5 - cve-2023-28929

cve-2023-28929

Vulnerability from cvelistv5

Published

2023-06-26 21:52

Modified

2024-12-05 15:46

Severity ?

Summary

Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.

References

▼	URL	Tags
	security@trendmicro.com	https://helpcenter.trendmicro.com/en-us/article/tmka-19062	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpcenter.trendmicro.com/en-us/article/tmka-19062	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Trend Micro, Inc.

Trend Micro Security (Consumer)

Version: 2023 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:51:38.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:trend_micro_inc:trend_micro_security:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "trend_micro_security",
            "vendor": "trend_micro_inc",
            "versions": [
              {
                "lessThan": "17.7.1634",
                "status": "affected",
                "version": "2023",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28929",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T15:42:15.626436Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T15:46:07.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Trend Micro Security (Consumer)",
          "vendor": "Trend Micro, Inc.",
          "versions": [
            {
              "lessThan": "17.7.1634",
              "status": "affected",
              "version": "2023",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-26T21:52:22.423Z",
        "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "shortName": "trendmicro"
      },
      "references": [
        {
          "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
    "assignerShortName": "trendmicro",
    "cveId": "CVE-2023-28929",
    "datePublished": "2023-06-26T21:52:22.423Z",
    "dateReserved": "2023-03-27T22:16:25.202Z",
    "dateUpdated": "2024-12-05T15:46:07.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:antivirus\\\\+_security_2021:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.0.1412\", \"matchCriteriaId\": \"CE0F9724-D955-435A-AA01-88DC5D097202\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:internet_security_2021:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.0.1412\", \"matchCriteriaId\": \"98F87CB2-043E-4840-9BDB-94DEADDB45B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:maximum_security_2021:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.0.1412\", \"matchCriteriaId\": \"52BED273-F568-44A6-A4E6-EA47DEE456AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:premium_security_2021:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.0.1412\", \"matchCriteriaId\": \"FD1356F4-D159-4B8B-826C-4924BD2704C2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:antivirus\\\\+_security_2022:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.7.1476\", \"matchCriteriaId\": \"9D6FC368-0C19-4305-B795-C6B8D1762C04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:internet_security_2022:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.7.1476\", \"matchCriteriaId\": \"BF1430D6-5373-4B65-A178-3F9AA3BC59F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:maximum_security_2022:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.7.1476\", \"matchCriteriaId\": \"DA389598-92CB-4FD5-8589-B4BDC8E6B304\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:premium_security_2022:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.7.1476\", \"matchCriteriaId\": \"EF3517E4-310E-4018-8AAF-79276A1FBD27\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:antivirus\\\\+_security_2023:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.7.1476\", \"matchCriteriaId\": \"35E7CA3C-D4DF-4AAF-95FE-797B2D39A96D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:internet_security_2023:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.7.1476\", \"matchCriteriaId\": \"D6C50CA3-D54A-4C3D-9FE3-0CB2D112A488\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:maximum_security_2023:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.7.1476\", \"matchCriteriaId\": \"A2A9A81B-252B-463D-BD28-7EF505009468\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:trendmicro:premium_security_2023:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"17.7.1476\", \"matchCriteriaId\": \"90E3DEF9-B144-441A-8A00-BC1D4EAD9DB0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.\"}]",
      "id": "CVE-2023-28929",
      "lastModified": "2024-11-21T07:56:14.880",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2023-06-26T22:15:09.733",
      "references": "[{\"url\": \"https://helpcenter.trendmicro.com/en-us/article/tmka-19062\", \"source\": \"security@trendmicro.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://helpcenter.trendmicro.com/en-us/article/tmka-19062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@trendmicro.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-427\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-28929\",\"sourceIdentifier\":\"security@trendmicro.com\",\"published\":\"2023-06-26T22:15:09.733\",\"lastModified\":\"2024-11-21T07:56:14.880\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:antivirus\\\\+_security_2021:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.0.1412\",\"matchCriteriaId\":\"CE0F9724-D955-435A-AA01-88DC5D097202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:internet_security_2021:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.0.1412\",\"matchCriteriaId\":\"98F87CB2-043E-4840-9BDB-94DEADDB45B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:maximum_security_2021:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.0.1412\",\"matchCriteriaId\":\"52BED273-F568-44A6-A4E6-EA47DEE456AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:premium_security_2021:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.0.1412\",\"matchCriteriaId\":\"FD1356F4-D159-4B8B-826C-4924BD2704C2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:antivirus\\\\+_security_2022:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.7.1476\",\"matchCriteriaId\":\"9D6FC368-0C19-4305-B795-C6B8D1762C04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:internet_security_2022:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.7.1476\",\"matchCriteriaId\":\"BF1430D6-5373-4B65-A178-3F9AA3BC59F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:maximum_security_2022:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.7.1476\",\"matchCriteriaId\":\"DA389598-92CB-4FD5-8589-B4BDC8E6B304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:premium_security_2022:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.7.1476\",\"matchCriteriaId\":\"EF3517E4-310E-4018-8AAF-79276A1FBD27\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:antivirus\\\\+_security_2023:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.7.1476\",\"matchCriteriaId\":\"35E7CA3C-D4DF-4AAF-95FE-797B2D39A96D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:internet_security_2023:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.7.1476\",\"matchCriteriaId\":\"D6C50CA3-D54A-4C3D-9FE3-0CB2D112A488\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:maximum_security_2023:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.7.1476\",\"matchCriteriaId\":\"A2A9A81B-252B-463D-BD28-7EF505009468\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:trendmicro:premium_security_2023:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.7.1476\",\"matchCriteriaId\":\"90E3DEF9-B144-441A-8A00-BC1D4EAD9DB0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://helpcenter.trendmicro.com/en-us/article/tmka-19062\",\"source\":\"security@trendmicro.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://helpcenter.trendmicro.com/en-us/article/tmka-19062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://helpcenter.trendmicro.com/en-us/article/tmka-19062\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T13:51:38.989Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-28929\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-05T15:42:15.626436Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:trend_micro_inc:trend_micro_security:*:*:*:*:*:*:*:*\"], \"vendor\": \"trend_micro_inc\", \"product\": \"trend_micro_security\", \"versions\": [{\"status\": \"affected\", \"version\": \"2023\", \"lessThan\": \"17.7.1634\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-05T15:45:56.444Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Trend Micro, Inc.\", \"product\": \"Trend Micro Security (Consumer)\", \"versions\": [{\"status\": \"affected\", \"version\": \"2023\", \"lessThan\": \"17.7.1634\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://helpcenter.trendmicro.com/en-us/article/tmka-19062\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.\"}], \"providerMetadata\": {\"orgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"shortName\": \"trendmicro\", \"dateUpdated\": \"2023-06-26T21:52:22.423Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-28929\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-05T15:46:07.827Z\", \"dateReserved\": \"2023-03-27T22:16:25.202Z\", \"assignerOrgId\": \"7f7bd7df-cffe-4fdb-ab6d-859363b89272\", \"datePublished\": \"2023-06-26T21:52:22.423Z\", \"assignerShortName\": \"trendmicro\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

gsd-2023-28929

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-28929

Aliases

CVE-2023-28929

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-28929",
    "id": "GSD-2023-28929"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-28929"
      ],
      "details": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.",
      "id": "GSD-2023-28929",
      "modified": "2023-12-13T01:20:48.710359Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@trendmicro.com",
        "ID": "CVE-2023-28929",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Trend Micro Security (Consumer)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "2023",
                          "version_value": "17.7.1634"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Trend Micro, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062",
            "refsource": "MISC",
            "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:antivirus\\+_security_2021:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.0.1412",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:internet_security_2021:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.0.1412",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:maximum_security_2021:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.0.1412",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:premium_security_2021:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.0.1412",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:antivirus\\+_security_2022:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.7.1476",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:internet_security_2022:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.7.1476",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:maximum_security_2022:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.7.1476",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:premium_security_2022:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.7.1476",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:antivirus\\+_security_2023:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.7.1476",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:internet_security_2023:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.7.1476",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:maximum_security_2023:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.7.1476",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:trendmicro:premium_security_2023:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.7.1476",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@trendmicro.com",
          "ID": "CVE-2023-28929"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-427"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-07-07T14:12Z",
      "publishedDate": "2023-06-26T22:15Z"
    }
  }
}

ghsa-6g93-cf4g-mr26

Vulnerability from github

Published

2023-06-27 00:30

Modified

2024-04-04 05:10

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-28929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-26T22:15:09Z",
    "severity": "HIGH"
  },
  "details": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.",
  "id": "GHSA-6g93-cf4g-mr26",
  "modified": "2024-04-04T05:10:58Z",
  "published": "2023-06-27T00:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28929"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2023-0980

Vulnerability from csaf_certbund

Published

2023-04-16 22:00

Modified

2023-04-16 22:00

Summary

Trend Micro Security Produkte: Schwachstelle ermöglicht Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Trend Micro Internet Security ist eine Firewall und Antivirus Lösung. Trend Micro Maximum Security ist eine Desktop Security Suite. Trend Micro AntiVirus ist eine Anti-Viren-Software.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Trend Micro Internet Security, Trend Micro Maximum Security und Trend Micro AntiVirus ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Trend Micro Internet Security ist eine Firewall und Antivirus L\u00f6sung.\r\nTrend Micro Maximum Security ist eine Desktop Security Suite.\r\nTrend Micro AntiVirus ist eine Anti-Viren-Software.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Trend Micro Internet Security, Trend Micro Maximum Security und Trend Micro AntiVirus ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0980 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0980.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0980 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0980"
      },
      {
        "category": "external",
        "summary": "TrendMicro Helpcenter vom 2023-04-16",
        "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
      }
    ],
    "source_lang": "en-US",
    "title": "Trend Micro Security Produkte: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2023-04-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:49:00.198+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0980",
      "initial_release_date": "2023-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Trend Micro AntiVirus",
            "product": {
              "name": "Trend Micro AntiVirus",
              "product_id": "T006772",
              "product_identification_helper": {
                "cpe": "cpe:/a:trendmicro:antivirus:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Trend Micro Internet Security",
            "product": {
              "name": "Trend Micro Internet Security",
              "product_id": "T010148",
              "product_identification_helper": {
                "cpe": "cpe:/a:trendmicro:internet_security:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Trend Micro Maximum Security",
            "product": {
              "name": "Trend Micro Maximum Security",
              "product_id": "T017368",
              "product_identification_helper": {
                "cpe": "cpe:/a:trendmicro:maximum_security:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Trend Micro"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-28929",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Trend Micro Internet Security, Trend Micro Maximum Security und Trend Micro AntiVirus. Es besteht eine Anf\u00e4lligkeit f\u00fcr einen DLL-Hijacking-Angriff. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006772",
          "T017368",
          "T010148"
        ]
      },
      "release_date": "2023-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-28929"
    }
  ]
}

wid-sec-w-2023-0980

Vulnerability from csaf_certbund

Published

2023-04-16 22:00

Modified

2023-04-16 22:00

Summary

Trend Micro Security Produkte: Schwachstelle ermöglicht Codeausführung

Notes

Produktbeschreibung

Trend Micro Internet Security ist eine Firewall und Antivirus Lösung. Trend Micro Maximum Security ist eine Desktop Security Suite. Trend Micro AntiVirus ist eine Anti-Viren-Software.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Trend Micro Internet Security, Trend Micro Maximum Security und Trend Micro AntiVirus ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Trend Micro Internet Security ist eine Firewall und Antivirus L\u00f6sung.\r\nTrend Micro Maximum Security ist eine Desktop Security Suite.\r\nTrend Micro AntiVirus ist eine Anti-Viren-Software.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Trend Micro Internet Security, Trend Micro Maximum Security und Trend Micro AntiVirus ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0980 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0980.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0980 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0980"
      },
      {
        "category": "external",
        "summary": "TrendMicro Helpcenter vom 2023-04-16",
        "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
      }
    ],
    "source_lang": "en-US",
    "title": "Trend Micro Security Produkte: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2023-04-16T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:49:00.198+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0980",
      "initial_release_date": "2023-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Trend Micro AntiVirus",
            "product": {
              "name": "Trend Micro AntiVirus",
              "product_id": "T006772",
              "product_identification_helper": {
                "cpe": "cpe:/a:trendmicro:antivirus:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Trend Micro Internet Security",
            "product": {
              "name": "Trend Micro Internet Security",
              "product_id": "T010148",
              "product_identification_helper": {
                "cpe": "cpe:/a:trendmicro:internet_security:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Trend Micro Maximum Security",
            "product": {
              "name": "Trend Micro Maximum Security",
              "product_id": "T017368",
              "product_identification_helper": {
                "cpe": "cpe:/a:trendmicro:maximum_security:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Trend Micro"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-28929",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Trend Micro Internet Security, Trend Micro Maximum Security und Trend Micro AntiVirus. Es besteht eine Anf\u00e4lligkeit f\u00fcr einen DLL-Hijacking-Angriff. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T006772",
          "T017368",
          "T010148"
        ]
      },
      "release_date": "2023-04-16T22:00:00.000+00:00",
      "title": "CVE-2023-28929"
    }
  ]
}

fkie_cve-2023-28929

Vulnerability from fkie_nvd

Published

2023-06-26 22:15

Modified

2024-11-21 07:56

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	security@trendmicro.com	https://helpcenter.trendmicro.com/en-us/article/tmka-19062	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://helpcenter.trendmicro.com/en-us/article/tmka-19062	Vendor Advisory

Impacted products

Vendor	Product	Version
trendmicro	antivirus\+_security_2021	*
trendmicro	internet_security_2021	*
trendmicro	maximum_security_2021	*
trendmicro	premium_security_2021	*
microsoft	windows	-
trendmicro	antivirus\+_security_2022	*
trendmicro	internet_security_2022	*
trendmicro	maximum_security_2022	*
trendmicro	premium_security_2022	*
microsoft	windows	-
trendmicro	antivirus\+_security_2023	*
trendmicro	internet_security_2023	*
trendmicro	maximum_security_2023	*
trendmicro	premium_security_2023	*
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2021:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE0F9724-D955-435A-AA01-88DC5D097202",
              "versionEndIncluding": "17.0.1412",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:internet_security_2021:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F87CB2-043E-4840-9BDB-94DEADDB45B5",
              "versionEndIncluding": "17.0.1412",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:maximum_security_2021:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "52BED273-F568-44A6-A4E6-EA47DEE456AA",
              "versionEndIncluding": "17.0.1412",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:premium_security_2021:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD1356F4-D159-4B8B-826C-4924BD2704C2",
              "versionEndIncluding": "17.0.1412",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D6FC368-0C19-4305-B795-C6B8D1762C04",
              "versionEndIncluding": "17.7.1476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:internet_security_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1430D6-5373-4B65-A178-3F9AA3BC59F7",
              "versionEndIncluding": "17.7.1476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:maximum_security_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA389598-92CB-4FD5-8589-B4BDC8E6B304",
              "versionEndIncluding": "17.7.1476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:premium_security_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF3517E4-310E-4018-8AAF-79276A1FBD27",
              "versionEndIncluding": "17.7.1476",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2023:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35E7CA3C-D4DF-4AAF-95FE-797B2D39A96D",
              "versionEndIncluding": "17.7.1476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:internet_security_2023:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C50CA3-D54A-4C3D-9FE3-0CB2D112A488",
              "versionEndIncluding": "17.7.1476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:maximum_security_2023:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A9A81B-252B-463D-BD28-7EF505009468",
              "versionEndIncluding": "17.7.1476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trendmicro:premium_security_2023:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90E3DEF9-B144-441A-8A00-BC1D4EAD9DB0",
              "versionEndIncluding": "17.7.1476",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
    }
  ],
  "id": "CVE-2023-28929",
  "lastModified": "2024-11-21T07:56:14.880",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-26T22:15:09.733",
  "references": [
    {
      "source": "security@trendmicro.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
    }
  ],
  "sourceIdentifier": "security@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2023-28929

Vulnerability from jvndb

Published

2023-04-14 15:44

Modified

2024-04-26 17:48

Severity ?

8.6 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

Trend Micro Security may insecurely load Dynamic Link Libraries

Details

Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue (CWE-427). While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application executable may result in Trend Micro Security loading the malicious DLL. Rintaro Fujita of Nippon Telegraph and Telephone Corporation, Hiroki Hada of NTT Security (Japan) KK and Hiroki Mashiko of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN76257155/index.html
	JVN	https://jvn.jp/en/ta/JVNTA91240916/
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-28929
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-28929
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Trend Micro, Inc.	Trend Micro Security

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000033.html",
  "dc:date": "2024-04-26T17:48+09:00",
  "dcterms:issued": "2023-04-14T15:44+09:00",
  "dcterms:modified": "2024-04-26T17:48+09:00",
  "description": "Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue (CWE-427).\r\nWhile the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application executable may result in Trend Micro Security loading the malicious DLL.\r\n\r\nRintaro Fujita of Nippon Telegraph and Telephone Corporation, Hiroki Hada of NTT Security (Japan) KK and Hiroki Mashiko of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000033.html",
  "sec:cpe": {
    "#text": "cpe:/a:trendmicro:security",
    "@product": "Trend Micro Security",
    "@vendor": "Trend Micro, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.6",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000033",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN76257155/index.html",
      "@id": "JVN#76257155",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-28929",
      "@id": "CVE-2023-28929",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-28929",
      "@id": "CVE-2023-28929",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Trend Micro Security may insecurely load Dynamic Link Libraries"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2023-28929

Vulnerability from cvelistv5

gsd-2023-28929

Vulnerability from gsd

ghsa-6g93-cf4g-mr26

Vulnerability from github

WID-SEC-W-2023-0980

Vulnerability from csaf_certbund

wid-sec-w-2023-0980

Vulnerability from csaf_certbund

fkie_cve-2023-28929

Vulnerability from fkie_nvd

cve-2023-28929

Vulnerability from jvndb

Tags

Sightings

Nomenclature