7.8

CVE-2019-9491

Exploit
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TrendmicroAnti-threat Toolkit Version <= 1.62.0.1218
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.94% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txt
http://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.html
Third Party Advisory
Exploit
VDB Entry
http://seclists.org/fulldisclosure/2019/Oct/42
Third Party Advisory
Exploit
Mailing List
http://seclists.org/fulldisclosure/2020/Jan/50
Third Party Advisory
Exploit
Mailing List
https://seclists.org/bugtraq/2019/Oct/30
Third Party Advisory
Exploit
Mailing List
https://seclists.org/bugtraq/2020/Jan/55
Third Party Advisory
Exploit
Mailing List
https://success.trendmicro.com/solution/000149878
Vendor Advisory