CVE-2017-5565

Name of the Vulnerable Software and Affected Versions Trend Micro Maximum Security versions 11.0 and earlier Trend Micro Internet Security versions 11.0 and earlier Trend Micro Antivirus+ Security versions 11.0 and earlier

Description A code injection issue allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. This is possible because the products do not use the Protected Processes feature, allowing an attacker to enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry. The self-protection mechanism, intended to block local processes from modifying Image File Execution Options, can be bypassed by temporarily renaming Image File Execution Options during the attack.

Recommendations For Trend Micro Maximum Security versions 11.0 and earlier, update to a version that includes a fix for this issue. For Trend Micro Internet Security versions 11.0 and earlier, update to a version that includes a fix for this issue. For Trend Micro Antivirus+ Security versions 11.0 and earlier, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the registry to minimize the risk of exploitation.