Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-14688

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.

Published

2020-02-20T23:15:20.147

Last Modified

2024-11-21T04:27:08.583

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

4.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	control_manager	7.0	Yes
Application	trendmicro	endpoint_sensor	1.6	Yes
Application	trendmicro	im_security	1.6.5	Yes
Application	trendmicro	mobile_security	9.8	Yes
Application	trendmicro	officescan	xg	Yes
Application	trendmicro	scanmail	14.0	Yes
Application	trendmicro	security	2019	Yes
Application	trendmicro	serverprotect	5.8	Yes
Application	trendmicro	serverprotect	5.8	Yes
Application	trendmicro	serverprotect	5.8	Yes
Application	trendmicro	serverprotect	6.0	Yes
Operating System	microsoft	windows	-	No

References

https://success.trendmicro.com/solution/1123562 Vendor Advisory ([email protected])
https://success.trendmicro.com/solution/1123562 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)