VYPR
Unrated severity · NVD Advisory · Published Jun 9, 2022 · Updated Aug 3, 2024

CVE-2022-30702

Description

Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local out-of-bounds read in Trend Micro Security 2022 and 2021 allows an authenticated, low-privileged attacker to leak sensitive memory, potentially aiding privilege escalation to SYSTEM.

Vulnerability

The vulnerability exists in the NCIE Scanner module of Trend Micro Security 2022 (version 17.7.1130 and below) and Trend Micro Security 2021 (version 17.0.1394 and below) for Windows [1][2]. The issue is an out-of-bounds read: the software reads beyond the end of an allocated buffer due to improper validation of user-supplied data [1].

Exploitation

An attacker must first be able to execute low-privileged code on the target system [1]. No additional authentication or network access is required beyond local code execution. The flaw is triggered by providing crafted input to the NCIE Scanner module, causing a read past the end of a buffer [1].

Impact

Successful exploitation results in the disclosure of sensitive information from heap memory [1]. The CVSS scope is changed (C), indicating the vulnerability can impact resources beyond the original privilege boundary [2]. An attacker could combine this information disclosure with other vulnerabilities to escalate privileges to SYSTEM and achieve arbitrary code execution [1].

Mitigation

Trend Micro has released updated versions: Security 2022 (v17.7.1472 and above) and Security 2021 (v17.0.1394 and above), distributed automatically via ActiveUpdate [2]. The vendor states no active exploitation has been reported as of the advisory publication [2]. No workaround other than applying the update is available.
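A defender-side check for the update guidance above, as an added example that is not part of the advisory or any Trend Micro tooling: it classifies installed builds from a software inventory against the version numbers quoted on this page. The `host,version` inventory format, the host names and the status labels are assumptions of this example, and because the page gives 17.0.1394 as both the affected ceiling and the fixed build for Security 2021, the affected ceiling is checked first.

```python
import re

# Build numbers as quoted on this page, keyed by (major, minor) branch.
BRANCHES = {
    (17, 7): {"product": "Security 2022", "affected_max": 1130, "fixed_min": 1472},
    (17, 0): {"product": "Security 2021", "affected_max": 1394, "fixed_min": 1394},
}

# The page writes versions as three numeric components (e.g. 17.7.1130).
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def classify(version):
    """Return affected, fixed, unverified, unknown-branch or unparsed."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"          # never treat an unreadable version as safe
    major, minor, build = map(int, m.groups())
    branch = BRANCHES.get((major, minor))
    if branch is None:
        return "unknown-branch"    # branch not covered by this page
    if build <= branch["affected_max"]:
        return "affected"          # ceiling is checked before the fixed build
    if build >= branch["fixed_min"]:
        return "fixed"
    return "unverified"            # between the two builds the page names


def audit(csv_lines):
    """Return (host, version, status) for every host not confirmed fixed."""
    findings = []
    for line in csv_lines:
        host, _, version = line.partition(",")
        status = classify(version)
        if status != "fixed":
            findings.append((host.strip(), version.strip(), status))
    return findings


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "ws-01,17.7.1130",
    "ws-02,17.7.1472",
    "ws-03,17.0.1394",
    "ws-04,17.7.1300",
    "ws-05,unknown",
]

if __name__ == "__main__":
    for host, version, status in audit(SAMPLE):
        print(f"{host}\t{version}\t{status}")
```

Hosts reported as `unverified`, `unknown-branch` or `unparsed` need a manual check rather than being assumed patched.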

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2


References

2
