From d2c595b2e6c4e67e8c68b80bb9b1d69f23174243 Mon Sep 17 00:00:00 2001
From: jpattrendmicro <jonn_perez@trendmicro.com>
Date: Mon, 19 Aug 2019 13:34:37 -0700
Subject: [PATCH] CVE-2019-14684 and 14687 from Trend Micro

CVE-2019-14684 and 14687 from Trend Micro on 08192019
---
 2019/14xxx/CVE-2019-14684.json | 63 ++++++++++++++++++++++++++++++++++
 2019/14xxx/CVE-2019-14687.json | 63 ++++++++++++++++++++++++++++++++++
 2 files changed, 126 insertions(+)
 create mode 100644 2019/14xxx/CVE-2019-14684.json
 create mode 100644 2019/14xxx/CVE-2019-14687.json

diff --git a/2019/14xxx/CVE-2019-14684.json b/2019/14xxx/CVE-2019-14684.json
new file mode 100644
index 00000000000..06131101c97
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14684.json
@@ -0,0 +1,63 @@
+{
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2019-14684",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Password Manager",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (5.0)"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.  This process is very similar, yet not identical to CVE-2019-14687."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "DLL Hijacking"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx"
+			},
+			{
+				"url" : "https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM"
+			}
+		]
+	}
+}
diff --git a/2019/14xxx/CVE-2019-14687.json b/2019/14xxx/CVE-2019-14687.json
new file mode 100644
index 00000000000..3b062dc8eda
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14687.json
@@ -0,0 +1,63 @@
+{
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2019-14687",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Password Manager",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (5.0)"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.  This process is very similar, yet not identical to CVE-2019-14684."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "DLL Hijacking"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx"
+			},
+			{
+				"url" : "https://medium.com/@infiniti_css/fa839acaad59"
+			}
+		]
+	}
+}