Auto-merge PR#2445

2025-06-07 21:47:16 +00:00 · 2019-08-20 09:35:09 -04:00 · 2019-08-20 09:35:09 -04:00 · 942ac1b471
commit 942ac1b471
parent 81cb6e7891 d2c595b2e6
2 changed files with 126 additions and 0 deletions
--- a/2019/14xxx/CVE-2019-14684.json
+++ b/2019/14xxx/CVE-2019-14684.json
@ -0,0 +1,63 @@
+{
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2019-14684",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Password Manager",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (5.0)"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.  This process is very similar, yet not identical to CVE-2019-14687."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "DLL Hijacking"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx"
+			},
+			{
+				"url" : "https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM"
+			}
+		]
+	}
+}
--- a/2019/14xxx/CVE-2019-14687.json
+++ b/2019/14xxx/CVE-2019-14687.json
@ -0,0 +1,63 @@
+{
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2019-14687",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Password Manager",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (5.0)"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.  This process is very similar, yet not identical to CVE-2019-14684."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "DLL Hijacking"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx"
+			},
+			{
+				"url" : "https://medium.com/@infiniti_css/fa839acaad59"
+			}
+		]
+	}
+}