Maximum Security 2022 Security Vulnerabilities and Issues — Maximum Security 2022 CVE List

TrendmicroMaximum Security 2022

7 matches found

CVE•added 2023/01/18 11:7 p.m.•56 views

CVE-2022-48191

CVE-2022-48191 affects Trend Micro Maximum Security 2022 (17.7). The flaw is in the Damage Cleanup Engine: a low-privileged user can write a malicious executable to a specific location and, during deletion/restoration, an attacker could replace the original folder with a mount point to an arbitra...

7CVSS7AI score0.00192EPSS

CVE•added 2024/06/10 9:17 p.m.•55 views

CVE-2024-32849

The CVE-2024-32849 entry concerns Trend Micro Security 17.x (Consumer). A Privilege Escalation flaw exists in the coreServiceShell due to incorrect link resolution, enabling a local attacker to delete privileged Trend Micro files (including its own). Public sources (ZDI advisory ZDI-24-576 and JV...

7.8CVSS6.6AI score0.00256EPSS

CVE•added 2022/05/26 11:25 p.m.•53 views

CVE-2022-30687

Trend Micro Maximum Security 2022 is vulnerable to a link-following vulnerability in the Secure Erase feature. A local, low-privileged attacker can manipulate a user-supplied link during file access to delete arbitrary files. Root cause: improper validation of the link prior to file operations. A...

7.1CVSS6.7AI score0.00432EPSS

CVE•added 2023/06/26 9:52 p.m.•47 views

CVE-2023-28929

CVE-2023-28929 affects Trend Micro Security (consumer editions) 2021–2023. The issue is a DLL hijacking flaw (CWE-427) where loading a malicious DLL via a vulnerable executable may allow arbitrary code execution or execution of a malicious program each time the executable starts. Affected product...

7.8CVSS7.6AI score0.00367EPSS

CVE•added 2025/07/10 6:57 p.m.•32 views

CVE-2025-52521

CVE-2025-52521 affects Trend Micro Security 17.8 (Consumer). The flaw is a link-following local privilege escalation that lets a local attacker delete privileged Trend Micro files, including the software itself. Public technical details from ZDI indicate the issue lies in the Regain Disk Space fu...

7.8CVSS6.9AI score0.00331EPSS

CVE•added 2025/06/17 8:40 p.m.•28 views

CVE-2025-49385

CVE-2025-49385 affects Trend Micro Security 17.8 (Consumer). The vulnerability is a local privilege escalation via link following that could allow a local attacker to delete privileged Trend Micro files, including the product’s own files. Exploitation requires local access with low privileges and...

7.8CVSS7.6AI score0.00143EPSS

CVE•added 2025/06/17 8:40 p.m.•20 views

CVE-2025-49384

CVE-2025-49384 affects Trend Micro Security 17.8 (Consumer). The root cause is a link-following path in the Platinum Host Service that can be abused by a local attacker who can execute low-privilege code to trigger a symbolic link and cause deletion of privileged Trend Micro files (including its ...

7.8CVSS7.7AI score0.0014EPSS