Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15602

An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device.

Published

2020-07-15T20:15:13.443

Last Modified

2024-11-21T05:05:50.460

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-426

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	antivirus\+_2020	≤ 16.0.1146	Yes
Application	trendmicro	internet_security_2020	≤ 16.0.1146	Yes
Application	trendmicro	maximum_security_2020	≤ 16.0.1146	Yes
Application	trendmicro	premium_security_2020	≤ 16.0.1146	Yes
Operating System	microsoft	windows	-	No

References

https://helpcenter.trendmicro.com/en-us/article/TMKA-09644 Vendor Advisory ([email protected])
https://helpcenter.trendmicro.com/en-us/article/TMKA-09644 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)