Vigil@nce - Trend Micro Internet Security: NULL pointer dereference via tmnciesc
October 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a NULL pointer to be dereferenced via
tmnciesc of Trend Micro Internet Security, in order to trigger a
denial of service.
– Impacted products: Trend Micro Internet Security.
– Severity: 1/4.
– Creation date: 07/10/2016.
DESCRIPTION OF THE VULNERABILITY
The Trend Micro Internet Security product offers a web service.
However, it does not check if a pointer is NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced
via tmnciesc of Trend Micro Internet Security, in order to trigger
a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN