CVE-2022-40707 An OOB read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security could allow a local attacker to disclose sensitive information.

This issue is unique to Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows versions before 3.0.9. An attacker could exploit this issue to obtain sensitive information by reading data from the memory of the affected system. This issue can be leveraged by attackers to bypass certain security mechanisms in the affected software. Trend Micro recommends installing the latest version of the Deep Security and Cloud One - Workload Security Agent for Windows to mitigate this issue. Fix: update to version 3.0.9 or later. CVE-2017-15795 Trend Micro products have been found to be vulnerable to an out-of-bounds read vulnerability. This issue could allow an attacker to obtain sensitive information by reading data from the memory of the affected system. This issue can be leveraged by attackers to bypass certain security mechanisms in the affected software. Trend Micro recommends installing the latest version of the Deep Security and Cloud One - Workload Security Agent for Windows to mitigate this issue.

Trend Micro Deep Security and Trend Micro Smart Home Bundle products have been found to be vulnerabl

The vulnerability, CVE-2017-15795, is unique to Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows versions before 3.0.9. An attacker can exploit this issue to obtain sensitive information by reading data from the memory of the affected system. This issue can be leveraged by attackers to bypass certain security mechanisms in the affected software. Trend Micro recommends installing the latest version of the Deep Security and Cloud One - Workload Security Agent for Windows to mitigate this issue. Fix: update to version 3.0.9 or later.

Trend Micro™ Deep Security and Cloud One - Workload Security Agent for Windows Vulnerabilities

Trend Micro™ Deep Security 20 and Cloud One - Workload Security Agent for Windows versions before 3.0.9 are vulnerable to two out-of-bounds read vulnerabilities that could allow an attacker to obtain sensitive information by reading data from the memory of the affected system. Trend Micro recommends installing the latest version of the Deep Security and Cloud One - Workload Security Agent for Windows to mitigate these vulnerabilities.
1) CVE-2017-15795
2) CVE-2022-40707

Timeline

Published on: 09/28/2022 21:15:00 UTC
Last modified on: 09/29/2022 15:04:00 UTC

References

• https://www.zerodayinitiative.com/advisories/ZDI-22-1297/
• https://success.trendmicro.com/solution/000291590
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40707