VYPR
Unrated severity · NVD Advisory · Published Nov 21, 2022 · Updated Apr 29, 2025

CVE-2022-44648

Description

An out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

This is similar to, but not the same as, CVE-2022-44647.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Out-of-bounds read in Trend Micro Apex One's User Mode Hooking Monitor Engine allows low-privilege local attackers to disclose sensitive information.

Vulnerability

An out-of-bounds read vulnerability exists in Trend Micro Apex One and Apex One as a Service. The flaw resides in the User Mode Hooking Monitor Engine and results from a lack of proper validation of user-supplied data, allowing a read past the end of an allocated buffer. Affected versions include Trend Micro Apex One (on-premises) and Apex One as a Service. The vulnerability is similar to but distinct from CVE-2022-44647 [1].

Exploitation

An attacker must first obtain the ability to execute low-privileged code on the target system. No additional authentication or user interaction is required beyond that initial low-privilege access. Exploitation consists of triggering the out-of-bounds read in the vulnerable engine, which can leak sensitive memory contents [1].

Impact

Successful exploitation allows a local attacker to disclose sensitive information. The confidentiality impact is low, and the integrity impact is none; however, the attacker can leverage this information disclosure in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of SYSTEM [1].

Mitigation

Trend Micro has released fixes for both Apex One and Apex One as a Service. Refer to the vendor security bulletin (article ID 000291770) for specific patch details and version numbers [2]. If patching is not immediately possible, ensure that local user accounts are restricted and unnecessary services are disabled to reduce the attack surface.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

References

2
