Rewterz Threat Advisory – CVE-2022-38764 – Trend Micro HouseCall Vulnerability
September 5, 2022Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
September 5, 2022Rewterz Threat Advisory – CVE-2022-38764 – Trend Micro HouseCall Vulnerability
September 5, 2022Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
September 5, 2022Severity
Medium
Analysis Summary
CVE-2022-37347 CVSS:4.4
Trend Micro Maximum Security could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read in the User Mode Hooking Monitor Engine. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to escalate privileges and execute arbitrary code in the context of SYSTEM.
CVE-2022-37348 CVSS:4.4
Trend Micro Maximum Security could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read in the User Mode Hooking Monitor Engine. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to escalate privileges and execute arbitrary code in the context of SYSTEM.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-29158
- CVE-2022-29063
- CVE-2022-25813
- CVE-2022-25371
- CVE-2022-25370
Affected Vendors
Trend Micro
Affected Products
- Trend Micro Security 2022 (17.7.1383)
Remediation
Refer to Trend Micro Security for patch, upgrade or suggested workaround information.