CVE-2019-14688

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download a malicious DLL locally, which must be present when the installer is run.

Data provided by the National Vulnerability Database (NVD)
Trendmicro Control Manager, Version 7.0
   Microsoft Windows, Version -
Trendmicro Endpoint Sensor, Version 1.6
   Microsoft Windows, Version -
Trendmicro Im Security, Version 1.6.5
   Microsoft Windows, Version -
Trendmicro Mobile Security, Version 9.8, SwEdition enterprise
   Microsoft Windows, Version -
Trendmicro Officescan, Version xg
   Microsoft Windows, Version -
Trendmicro Scanmail, Version 14.0, SwPlatform microsoft_exchange
   Microsoft Windows, Version -
Trendmicro Security, Version 2019
   Microsoft Windows, Version -
Trendmicro Serverprotect, Version 5.8, SwPlatform emc
   Microsoft Windows, Version -
Trendmicro Serverprotect, Version 5.8, SwPlatform netware
   Microsoft Windows, Version -
Trendmicro Serverprotect, Version 5.8, SwPlatform windows
   Microsoft Windows, Version -
Trendmicro Serverprotect, Version 6.0, SwPlatform storage
   Microsoft Windows, Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.41% | 0.604
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7 | 1 | 5.9 | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov | 5.1 | 4.9 | 6.4 | AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.