CVE-2017-14082 Trend Micro Mobile Security (Enterprise) Uninitialized Pointer Information Disclosure and Denial of Service Vulnerability.

漏洞类别:Local

漏洞等级:

漏洞信息

Trend Micro Mobile Security is an essential component of Trend Micro complete user protection solution that gives you full visibility and control of mobile devices, apps, and data through a single built-in console. It strikes the right balance between user productivity and IT risks.

Trend Micro has released a new patch for Trend Micro Mobile Security (Enterprise) 9.7. This patch resolves a Uninitialized Pointer Information Disclosure and Denial of Service vulnerability.

Affected Versions:
Trend Micro Mobile Security (ENT) Versions before 9.7 CP B2455

QID Detection Logic (Authenticated):
Operating System: Windows
The checks for the vulnerable version of the file “ManagementServer.exe”. The install location of the file is determined via the registry key “HKLM\SOFTWARE\TrendMicro\MobileSecurity” value “Application Path”.

漏洞危害

Exploiting the vulnerability could lead to an Uninitialized Pointer Information Disclosure and Denial of Service on an affected server.

解决方案

Refer to advisory Trend Micro Mobile Security (Enterprise) Security Bulletin for patching details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

1118993

Leave a Reply