Improper input validation in Microsoft Windows
CVE-2020-8607
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modi…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.007 (46.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Microsoft Windows
- Trend Micro Anti-threat Toolkit (Attk) — versions 1.62.1240 and below
- Trend Micro Apex One — versions 2019 (On premise), SaaS
- Trend Micro Deep Security — versions 12.x, 11.x. 10.x
- Trend Micro Housecall — versions 8.0
- Trend Micro Officescan — versions XG SP1
- Trend Micro Portable Security — versions 3.x, 2.x
- Trend Micro Rootkit Buster — versions 2.2
- Trend Micro Safe Lock — versions 2.0 SP1, TXOne Ed
- Trend Micro Security (Consumer Family) — versions 2020 (v16), 2019 (v15)
Weakness classification (CWE)
References
- security@trendmicro.com (Patch, x_refsource_MISC, Vendor Advisory)
- security@trendmicro.com (x_refsource_MISC, Vendor Advisory)
- security@trendmicro.com (Third Party Advisory, x_refsource_MISC)
- security@trendmicro.com (Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-8607?
- CVE-2020-8607 is a medium-severity vulnerability in Microsoft Windows, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2020-08-05.
- How severe is CVE-2020-8607?
- Medium severity. CVSS v3 base score is 6.7 out of 10.