PT-2020-16773 · Trend Micro · Trend Micro Security 2020
Eran Shimony
·
Published
2020-11-18
·
Updated
2022-05-03
·
CVE-2020-27697
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Trend Micro Security 2020 (Consumer)
Description
The issue concerns a vulnerability in the installer package that can be exploited through a symlink attack. This involves placing a malicious DLL in a non-protected location with high privileges, potentially leading to the obtainment of administrative privileges during the product's installation.
Recommendations
For Trend Micro Security 2020 (Consumer), consider restricting access to the installer package to minimize the risk of exploitation until a patch is available. As a temporary workaround, ensure that all locations where the installer package is executed are protected from malicious DLL placement.
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Trend Micro Security 2020