Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   Trend Micro Internet Security Vendors:   Trend Micro
Trend Micro Internet Security Application Verifier Provider DLL Protection Flaw Lets Local Users Bypass Anti-Virus Protections and Gain Elevated Privileges
SecurityTracker Alert ID:  1038206
SecurityTracker URL:
CVE Reference:   CVE-2017-5565   (Links to External Site)
Date:  Apr 8 2017
Impact:   Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 11.1.1005 and prior
Description:   A vulnerability was reported in Trend Micro Internet Security. A local user can obtain elevated privileges on the target system.

The software does not use the Windows Protected Processes feature. A local administrative user can use the Image File Execution Options in the Windows Registry to specify an arbitrary Application Verifier Provider DLL and then rename the registry keys to bypass anti-virus protection features and execute arbitrary code on the target system with elevated privileges that will not be detected by the software.

The original advisory is available at:

Michael Engstler of Cybellum reported this vulnerability.

Impact:   A local administrative user can obtain elevated privileges and bypass anti-virus protection on the target system.
Solution:   The vendor has issued a fix (HF 1403), available via ActiveUpdate as of March 30, 2017.

The vendor advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Access control error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC