Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Trend Micro Maximum Security、Internet Security和和Antivirus+ Security 安全漏洞
Vulnerability Description
Trend Micro Maximum Security等都是美国趋势科技(Trend Micro)公司的杀毒软件。 Trend Micro Maximum Security 11.0及之前的版本、Internet Security 11.0及之前的版本和Antivirus+ Security 11.0及之前的版本中存在代码注入漏洞。本地攻击者可利用该漏洞绕过保护机制,执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A