12 matches found
CVE-2019-20357
The connected records confirm CVE-2019-20357 is a Persistent Arbitrary Code Execution vulnerability in the Trend Micro Security (Consumer) line, specifically affecting the 2020 (v160) and 2019 (v15) consumer products. The vulnerability is described as allowing an attacker to create a malicious pr...
CVE-2021-25251
CVE-2021-25251 affects Trend Micro Security (Consumer) 2020 and 2021 families. The vulnerability is a code injection flaw (CWE-94) that could allow an attacker with administrative privileges to execute arbitrary code and disable the program’s password protection and protection. The impact is desc...
CVE-2020-25775
CVE-2020-25775 affects Trend Micro Security 2020 (Consumer) and related products. Multiple connected sources describe a race condition in the Secure Erase feature that could let an unprivileged/local attacker delete files with higher privileges by abusing the feature’s file handling (vulnerabilit...
CVE-2019-19693
Concrete details exist for CVE-2019-19693: Trend Micro Security 2020 consumer products are affected by a local information-disclosure and DoS vulnerability. A local attacker must execute low-privileged code to exploit the flaw, which in some disclosures is tied to junction handling and file syste...
CVE-2021-36744
CVE-2021-36744: A directory junction vulnerability exists in Trend Micro Maximum Security/consumer components (as discussed in ZDI advisory) that allows a local attacker with low privileges to create a directory junction via the Maximum Security Agent, enabling denial-of-service by deleting a fil...
CVE-2020-27696
Summary of CVE-2020-27696 : Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that can be exploited by placing a specific Windows system directory, enabling elevation to administrator during product installation. The root cause is linked to the installer’s han...
CVE-2020-15602
The CVE-2020-15602 entry concerns Trend Micro Security 2020 (Consumer) up to v16.0.0.1146, where the installer can load DLLs from its current directory, enabling an untrusted search path to execute arbitrary code with the installer's privileges. Exploitation requires user action to open a malicio...
CVE-2019-18190
Trend Micro Security (Consumer) 2020 (v16.x) is affected by a null pointer dereference vulnerability that can crash the application and potentially allow unsigned code execution under certain circumstances. The connected documents describe the issue as a null pointer dereference without detailing...
CVE-2020-15603
CVE-2020-15603 affects Trend Micro Security (Consumer) Driver in the 2020 suite (v16.0.0.1302 and below). The vulnerability is an out-of-bounds/invalid memory read that could allow a local user to manipulate the driver to perform a system call on an invalid address, potentially crashing the syste...
CVE-2019-15628
CVE-2019-15628 affects Trend Micro Security (Consumer) 2020 (v16.0.1221 and below). The issue is a DLL hijacking vulnerability that could let an attacker leverage a specific service as an execution and/or persistence mechanism, causing a malicious program to run each time the service starts. Conn...
CVE-2020-27695
CVE-2020-27695 affects Trend Micro Security 2020 (Consumer) and is described as a local elevation-of-privilege vulnerability in the product’s installer. The issue involves placing a malicious DLL in a local directory, which could lead to administrative privileges during installation. Connected so...
CVE-2020-27697
CVE-2020-27697 : Trend Micro Security 2020 (Consumer) installer package vulnerable to a local privilege escalation via a symlink attack (placing a malicious DLL in an unprotected, high-privilege location) during installation. Multiple sources report this as a local elevation-of-privilege issue af...