jvndb-2018-000013
Vulnerability from jvndb
Published
2018-02-15 16:39
Modified
2018-04-11 12:23
Severity ?
7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Insecure DLL Loading issue in multiple Trend Micro products
Details
Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427). When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers (of the other applications) may be insecurely loaded. Hidenori Ohta of Mitsubishi Electric Information Systems Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN http://jvn.jp/en/jp/JVN28865183/index.html
JVN https://jvn.jp/en/ta/JVNTA91240916/index.html
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6218
NVD https://nvd.nist.gov/vuln/detail/CVE-2018-6218
IPA SECURITY ALERTS https://www.ipa.go.jp/security/ciadr/vul/20180215-jvn.html
No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Trend Micro, Inc.Worry-Free Business Security
Trend Micro, Inc.Worry-Free Business Security Services
Trend Micro, Inc.Trend Micro Deep Security
Trend Micro, Inc.Trend Micro Endpoint Sensor
Trend Micro, Inc.Trend Micro Security
Trend Micro, Inc.OfficeScan
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000013.html",
  "dc:date": "2018-04-11T12:23+09:00",
  "dcterms:issued": "2018-02-15T16:39+09:00",
  "dcterms:modified": "2018-04-11T12:23+09:00",
  "description": "Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427).\r\n When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers (of the other applications) may be insecurely loaded.\r\n\r\nHidenori Ohta of Mitsubishi Electric Information Systems Corporation reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000013.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:trendmicro:business_security",
      "@product": "Worry-Free Business Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:business_security_services",
      "@product": "Worry-Free Business Security Services",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:deep_security",
      "@product": "Trend Micro Deep Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:endpoint_sensor",
      "@product": "Trend Micro Endpoint Sensor",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:security",
      "@product": "Trend Micro Security",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:virus_baster_corporate_edition",
      "@product": "OfficeScan",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000013",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN28865183/index.html",
      "@id": "JVN#28865183",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6218",
      "@id": "CVE-2018-6218",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-6218",
      "@id": "CVE-2018-6218",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/security/ciadr/vul/20180215-jvn.html",
      "@id": "Security Alert for Vulnerability in multiple Trend Micro products (JVN#28865183)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Insecure DLL Loading issue in multiple Trend Micro products"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.