CVE-2019-14686

EPSS 0.3%
Veröffentlicht 21.08.2019 20:15:12
Zuletzt bearbeitet 21.11.2024 04:27:08
Quelle security@trendmicro.com
Teams Watchlist Login
Unerledigt Login

A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Trendmicro ≫ Antivirus + Security 2019 Version15.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Internet Security 2019 Version15.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Maximum Security 2019 Version15.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Premium Security 2019 Version15.0

Microsoft ≫ Windows Version-

Trendmicro ≫ Ransom Buster Version1.0

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.504

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-14686

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-14686

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-14686

EUVD