CVE-2023-52338

Name of the Vulnerable Software and Affected Versions Trend Micro Deep Security versions 20.0 Trend Micro Cloud One - Endpoint and Workload Security Agent (affected versions not specified)

Description The issue is related to a link following vulnerability in the Anti-Malware module of Trend Micro Deep Security Agent for Windows operating systems. This vulnerability is caused by incorrect handling of symbolic links before accessing a file. Exploitation of this issue could allow an attacker to escalate privileges and execute arbitrary code. To exploit this vulnerability, an attacker must first obtain the ability to execute low-privileged code on the target system.

Recommendations For Trend Micro Deep Security version 20.0, update to a version that includes the fix for this issue. For Trend Micro Cloud One - Endpoint and Workload Security Agent, at the moment, there is no information about a newer version that contains a fix for this vulnerability.