Key Vulnerability Information

Advisory ID: ZDI-23-835
CVE ID: CVE-2023-34144
CVSS Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Vendor: Trend Micro
Affected Product: Apex One

Vulnerability Details

Description:
- Exploitability: This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. The attacker must first gain the ability to execute low-privileged code.
- Cause: The flaw lies within the Apex One Client Plug-in Service Manager and results in a module being loaded from an untrusted location. This can be leveraged to escalate privileges and execute arbitrary code as SYSTEM.

Disclosure Timeline

- 2022-12-22: Reported to vendor
- 2023-06-08: Public release of advisory

Credit

Researchers: Lynn and Lays (@_L4ys)