CVE-2020-8607
Description
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. An attacker must already have obtained administrator access on the target machine (either legitimately or via a separate unrelated attack) to exploit this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An input validation flaw in Trend Micro anti-rootkit driver allows a local admin to cause a system crash or execute arbitrary code in kernel mode.
Vulnerability
A vulnerability exists in the Trend Micro anti-rootkit driver, which is used in multiple Trend Micro products. The driver improperly validates user-supplied input (CWE-1285), allowing a user-mode process with administrator privileges to pass a crafted IOCTL or other request that modifies a kernel memory address. Affected versions include any product using a vulnerable version of this driver; the specific product list is provided by Trend Micro [1][2].
Exploitation
To exploit this vulnerability, an attacker must already have obtained administrator-level access on the target system (either legitimately or via another attack). With that privilege, the attacker can send a specially crafted IOCTL or other driver interaction to abuse the input validation flaw. No user interaction beyond obtaining initial admin access is required. The attack is performed locally (CVSS:AV:L) and has low complexity [2].
Impact
Successful exploitation can lead to a system crash (denial of service) or arbitrary code execution in kernel mode. This gives the attacker full control over the system, including the ability to read, modify, or destroy data, install persistent malware, and escalate privileges beyond the initial admin level. The CVSS score is 7.8 (High) with confidentiality, integrity, and availability all rated as high [1][2].
Mitigation
Trend Micro has released updates and patches for vulnerable products. Users should update to the latest version or apply the appropriate patch as indicated by the vendor. As a workaround, administrators should not assign administrative privileges to untrusted users. No workaround that directly fixes the driver flaw is available. The CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing [1][2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
11- Range: 1.62.1240 and below
- Trend Micro/Trend Micro Apex Onev5Range: 2019 (On premise), SaaS
- Range: 12.x, 11.x. 10.x
- Trend Micro/Trend Micro HouseCallv5Range: 8.0
- Trend Micro/Trend Micro OfficeScanv5Range: XG SP1
- Range: 3.x, 2.x
- Range: 2.2
- Trend Micro/Trend Micro Safe Lockv5Range: 2.0 SP1, TXOne Ed
- Range: 2020 (v16), 2019 (v15)
- Trend Micro/Trend Micro ServerProtectv5Range: SPFS 6.0, SPNAF 5.8, SPEMC 5.8, SPNT 5.8
- Range: 10.0 SP1, Services (SaaS)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- jvn.jp/en/vu/JVNVU99160193/index.htmlmitrex_refsource_MISC
- jvn.jp/vu/JVNVU99160193/mitrex_refsource_MISC
- success.trendmicro.com/jp/solution/000260748mitrex_refsource_MISC
- success.trendmicro.com/solution/000260713mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.