Lucene search

[email protected]CVE-2019-15628

HistoryDec 02, 2019 - 4:15 p.m.

CVE-2019-15628

2019-12-0216:15:12

CWE-426

[email protected]

web.nvd.nist.gov

trend micro

security

consumer

2020

dll hijacking

vulnerability

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.

Affected configurations

NVD

Node

trendmicroantivirus_\+_security_2020Range≤16.0.1221

trendmicrointernet_security_2020Range≤16.0.1221

trendmicromaximum_security_2020Range≤16.0.1221

trendmicropremium_security_2020Range≤16.0.1221

AND

microsoftwindowsMatch-

CPENameOperatorVersion
trendmicro:antivirus_\+_security_2020trendmicro antivirus + security 2020le16.0.1221
trendmicro:internet_security_2020trendmicro internet security 2020le16.0.1221
trendmicro:maximum_security_2020trendmicro maximum security 2020le16.0.1221
trendmicro:premium_security_2020trendmicro premium security 2020le16.0.1221

CPE	Name	Operator	Version
trendmicro:antivirus_\+_security_2020	trendmicro antivirus + security 2020	le	16.0.1221
trendmicro:internet_security_2020	trendmicro internet security 2020	le	16.0.1221
trendmicro:maximum_security_2020	trendmicro maximum security 2020	le	16.0.1221
trendmicro:premium_security_2020	trendmicro premium security 2020	le	16.0.1221

CNA Affected

[
  {
    "product": "Trend Micro Security (Consumer)",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "Version 2020 (16.0.1221 and below)"
      }
    ]
  }
]

References

esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx

safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.5%

JSON

Related for CVE-2019-15628

prion1 nvd1 cvelist1