VAR-201305-0371
Vulnerability from variot - Updated: 2022-05-17 01:57Trend Micro DirectPass is a password management solution. The Trend Micro DirectPass master password setting module (InstallWorkspace.exe) has a security vulnerability. For security reasons, the master password setting module allows for the review of included passwords. When the user hovers over the password field to be examined, hiding the protected master password is displayed in the check module. The software has command/path injection when processing the hidden password. Can cause arbitrary OS commands to be executed in a software context. A local attacker can exploit the vulnerability to execute arbitrary commands with high privileges. Successful exploits may compromise the affected application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201305-0371",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "directpass",
"scope": "eq",
"trust": 1.1,
"vendor": "trend micro",
"version": "1.5.0.1060"
},
{
"model": "directpass",
"scope": "ne",
"trust": 0.3,
"vendor": "trend micro",
"version": "1.6"
}
],
"sources": [
{
"db": "IVD",
"id": "a6493c32-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05941"
},
{
"db": "BID",
"id": "60023"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Benjamin Kunz Mejri",
"sources": [
{
"db": "BID",
"id": "60023"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-594"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2013-05941",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "a6493c32-1f22-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-05941",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a6493c32-1f22-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a6493c32-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05941"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trend Micro DirectPass is a password management solution. The Trend Micro DirectPass master password setting module (InstallWorkspace.exe) has a security vulnerability. For security reasons, the master password setting module allows for the review of included passwords. When the user hovers over the password field to be examined, hiding the protected master password is displayed in the check module. The software has command/path injection when processing the hidden password. Can cause arbitrary OS commands to be executed in a software context. A local attacker can exploit the vulnerability to execute arbitrary commands with high privileges. Successful exploits may compromise the affected application",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-05941"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-594"
},
{
"db": "BID",
"id": "60023"
},
{
"db": "IVD",
"id": "a6493c32-1f22-11e6-abef-000c29c66e3d"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "60023",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-05941",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201305-594",
"trust": 0.6
},
{
"db": "IVD",
"id": "A6493C32-1F22-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a6493c32-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05941"
},
{
"db": "BID",
"id": "60023"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-594"
}
]
},
"id": "VAR-201305-0371",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a6493c32-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05941"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a6493c32-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05941"
}
]
},
"last_update_date": "2022-05-17T01:57:50.754000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Trend Micro DirectPass Local Command Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/34254"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-05941"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.9,
"url": "http://seclists.org/fulldisclosure/2013/may/112"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60023"
},
{
"trust": 0.3,
"url": "http://www.trendmicro.com/us/home/products/directpass/index.html"
},
{
"trust": 0.3,
"url": "http://esupport.trendmicro.com/solution/en-us/1096805.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-05941"
},
{
"db": "BID",
"id": "60023"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-594"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a6493c32-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05941"
},
{
"db": "BID",
"id": "60023"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-594"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-23T00:00:00",
"db": "IVD",
"id": "a6493c32-1f22-11e6-abef-000c29c66e3d"
},
{
"date": "2013-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-05941"
},
{
"date": "2013-05-15T00:00:00",
"db": "BID",
"id": "60023"
},
{
"date": "2013-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-594"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-05941"
},
{
"date": "2013-05-15T00:00:00",
"db": "BID",
"id": "60023"
},
{
"date": "2013-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201305-594"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "60023"
},
{
"db": "CNNVD",
"id": "CNNVD-201305-594"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trend Micro DirectPass Local command injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "a6493c32-1f22-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-05941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201305-594"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…