PT-2019-14306 · Trend Micro · Trend Micro Security

Published

2019-12-02

Updated

2019-12-13

CVE-2019-15628

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Security (Consumer) 2020 versions 16.0.1221 and below

Description The issue allows an attacker to use a specific service as an execution and/or persistence mechanism, potentially executing a malicious program each time the service is started. This is due to a DLL hijacking vulnerability.

Recommendations For versions 16.0.1221 and below, update to a version above 16.0.1221 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable service to minimize the risk of exploitation.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2019-15628

Affected Products

Trend Micro Security

PT-2019-14306 · Trend Micro · Trend Micro Security

CVE-2019-15628

Weakness Enumeration

Related Identifiers

Affected Products

References · 8