CVE-2019-15628

Published: Dic 02, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2019-6585 Aliases: GSD-2019-15628
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM 6,9
Source: [email protected]
Access Vector: local
Access Complexity: medium
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete

Description

AI Translation Available

Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0024
Percentile
0,5th
Updated

EPSS Score Trend (Last 90 Days)

426

Untrusted Search Path

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability Access Control
Potential Impacts:
Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Read Files Or Directories
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: High
View CWE Details
Application

Internet Security 2020 by Trendmicro

Product Information
Vendor Trendmicro
Product Internet Security 2020
Version Range Affected
To 16.0.1221 (inclusive)
cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Antivirus \+ Security 2020 by Trendmicro

Product Information
Vendor Trendmicro
Product Antivirus \+ Security 2020
Version Range Affected
To 16.0.1221 (inclusive)
cpe:2.3:a:trendmicro:antivirus_\+_security_2020:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Premium Security 2020 by Trendmicro

Product Information
Vendor Trendmicro
Product Premium Security 2020
Version Range Affected
To 16.0.1221 (inclusive)
cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Maximum Security 2020 by Trendmicro

Product Information
Vendor Trendmicro
Product Maximum Security 2020
Version Range Affected
To 16.0.1221 (inclusive)
cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://esupport.trendmicro.com/en-us/home/pages/technical-…
Vendor Advisory
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx
https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Sea…
Third Party Advisory
https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-…
https://esupport.trendmicro.com/en-us/home/pages/technical-…
Vendor Advisory
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx
https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Sea…
Third Party Advisory
https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-…