{"containers":{"cna":{"affected":[{"product":"Trend Micro Apex One","vendor":"Trend Micro","versions":[{"status":"affected","version":"2019 (On premise), SaaS"}]},{"product":"Trend Micro OfficeScan","vendor":"Trend Micro","versions":[{"status":"affected","version":"XG SP1"}]},{"product":"Trend Micro Deep Security","vendor":"Trend Micro","versions":[{"status":"affected","version":"12.x, 11.x. 10.x"}]},{"product":"Trend Micro Worry-Free Business Security","vendor":"Trend Micro","versions":[{"status":"affected","version":"10.0 SP1, Services (SaaS)"}]},{"product":"Trend Micro Security (Consumer Family)","vendor":"Trend Micro","versions":[{"status":"affected","version":"2020 (v16), 2019 (v15)"}]},{"product":"Trend Micro Safe Lock","vendor":"Trend Micro","versions":[{"status":"affected","version":"2.0 SP1, TXOne Ed"}]},{"product":"Trend Micro ServerProtect","vendor":"Trend Micro","versions":[{"status":"affected","version":"SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8"}]},{"product":"Trend Micro Portable Security","vendor":"Trend Micro","versions":[{"status":"affected","version":"3.x, 2.x"}]},{"product":"Trend Micro HouseCall","vendor":"Trend Micro","versions":[{"status":"affected","version":"8.0"}]},{"product":"Trend Micro Anti-Threat Toolkit (ATTK)","vendor":"Trend Micro","versions":[{"status":"affected","version":"1.62.1240 and below"}]},{"product":"Trend Micro Rootkit Buster","vendor":"Trend Micro","versions":[{"status":"affected","version":"2.2"}]}],"descriptions":[{"lang":"en","value":"An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability."}],"problemTypes":[{"descriptions":[{"description":"Improper Input Validation","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-08-05T14:05:22.000Z","orgId":"7f7bd7df-cffe-4fdb-ab6d-859363b89272","shortName":"trendmicro"},"references":[{"tags":["x_refsource_MISC"],"url":"https://success.trendmicro.com/solution/000260713"},{"tags":["x_refsource_MISC"],"url":"https://success.trendmicro.com/jp/solution/000260748"},{"tags":["x_refsource_MISC"],"url":"https://jvn.jp/vu/JVNVU99160193/"},{"tags":["x_refsource_MISC"],"url":"https://jvn.jp/en/vu/JVNVU99160193/index.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@trendmicro.com","ID":"CVE-2020-8607","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Trend Micro Apex One","version":{"version_data":[{"version_value":"2019 (On premise), SaaS"}]}},{"product_name":"Trend Micro OfficeScan","version":{"version_data":[{"version_value":"XG SP1"}]}},{"product_name":"Trend Micro Deep Security","version":{"version_data":[{"version_value":"12.x, 11.x. 10.x"}]}},{"product_name":"Trend Micro Worry-Free Business Security","version":{"version_data":[{"version_value":"10.0 SP1, Services (SaaS)"}]}},{"product_name":"Trend Micro Security (Consumer Family)","version":{"version_data":[{"version_value":"2020 (v16), 2019 (v15)"}]}},{"product_name":"Trend Micro Safe Lock","version":{"version_data":[{"version_value":"2.0 SP1, TXOne Ed"}]}},{"product_name":"Trend Micro ServerProtect","version":{"version_data":[{"version_value":"SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8"}]}},{"product_name":"Trend Micro Portable Security","version":{"version_data":[{"version_value":"3.x, 2.x"}]}},{"product_name":"Trend Micro HouseCall","version":{"version_data":[{"version_value":"8.0"}]}},{"product_name":"Trend Micro Anti-Threat Toolkit (ATTK)","version":{"version_data":[{"version_value":"1.62.1240 and below"}]}},{"product_name":"Trend Micro Rootkit Buster","version":{"version_data":[{"version_value":"2.2"}]}}]},"vendor_name":"Trend Micro"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Input Validation"}]}]},"references":{"reference_data":[{"name":"https://success.trendmicro.com/solution/000260713","refsource":"MISC","url":"https://success.trendmicro.com/solution/000260713"},{"name":"https://success.trendmicro.com/jp/solution/000260748","refsource":"MISC","url":"https://success.trendmicro.com/jp/solution/000260748"},{"name":"https://jvn.jp/vu/JVNVU99160193/","refsource":"MISC","url":"https://jvn.jp/vu/JVNVU99160193/"},{"name":"https://jvn.jp/en/vu/JVNVU99160193/index.html","refsource":"MISC","url":"https://jvn.jp/en/vu/JVNVU99160193/index.html"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T10:03:46.363Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://success.trendmicro.com/solution/000260713"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://success.trendmicro.com/jp/solution/000260748"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://jvn.jp/vu/JVNVU99160193/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://jvn.jp/en/vu/JVNVU99160193/index.html"}]}]},"cveMetadata":{"assignerOrgId":"7f7bd7df-cffe-4fdb-ab6d-859363b89272","assignerShortName":"trendmicro","cveId":"CVE-2020-8607","datePublished":"2020-08-05T14:05:23.000Z","dateReserved":"2020-02-04T00:00:00.000Z","dateUpdated":"2024-08-04T10:03:46.363Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}