Researchers disclose DLL loading vulnerabilities in Autodesk, Trend Micro, Kaspersky software

guest · Dec 2, 2019

Researchers disclose DLL loading vulnerabilities in Autodesk, Trend Micro, Kaspersky software
Privilege escalation and code execution bugs lurked in the applications
December 2, 2019
https://www.zdnet.com/article/researchers-disclose-bugs-in-autodesk-trend-micro-kaspersky-software/

Researchers have disclosed a set of security vulnerabilities in Autodesk, Trend Micro, and Kaspersky software.
On Monday, the SafeBreach Labs published three security advisories describing the bugs, all of which were privately reported to the vendors before public disclosure.

The first vulnerability, tracked as CVE-2019-15628, impacts Trend Micro Maximum Security version 16.0.1221 and below. [...] lack of safe DLL loading and signed validation meant that attackers could exploit this security hole, loading unsigned DLLs as a result.
The second vulnerability disclosed at the same time affects Kaspersky Secure Connection [...] Potentially suitable as part of a post-exploit chain, the vulnerability permits arbitrary DLL loading signed off by AO Kaspersky Lab and able to run with high permission levels.

The final vulnerability, CVE-2019-7365, was discovered in the Autodesk desktop application.
A missing DLL call made by an accompanying library also permitted the loading of arbitrary DLLs. In addition, there is no digital certificate validation, and so unsigned DLLs can be executed.
Click to expand...

SafeBreach:
Trend Micro Security 16 - DLL Search-Order Hijacking and Potential Abuses (CVE-2019-15628)
Kaspersky Secure Connection - DLL Preloading and Potential Abuses (CVE-2019-15689)
Autodesk Desktop Application - Privilege Escalation to SYSTEM (CVE-2019-7365)

Log in or Sign up

Researchers disclose DLL loading vulnerabilities in Autodesk, Trend Micro, Kaspersky software

guest Guest

Log in or Sign up

Researchers disclose DLL loading vulnerabilities in Autodesk, Trend Micro, Kaspersky software

guest Guest

Useful Searches