Search criteria
15 vulnerabilities found for antivirus_\+_security_2019 by trendmicro
FKIE_CVE-2019-19694
Vulnerability from fkie_nvd - Published: 2020-02-20 23:15 - Updated: 2024-11-21 04:35
Severity ?
Summary
The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely..
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus_\+_security_2019 | * | |
| trendmicro | internet_security_2019 | * | |
| trendmicro | maximum_security_2019 | * | |
| trendmicro | officescan_cloud | 15 | |
| trendmicro | premium_security_2019 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53529C20-D5BB-4574-B0C8-59B6FA89DB0B",
"versionEndIncluding": "15.0.0.1163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C010D439-B518-4FE4-A47E-F3D40F06761B",
"versionEndIncluding": "15.0.0.1163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0308D32-E3C5-4DF1-B94C-8607D18470E9",
"versionEndIncluding": "15.0.0.1163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:officescan_cloud:15:*:*:*:*:*:*:*",
"matchCriteriaId": "7D4FDFB7-9F82-47F2-B265-916BFCE0A0EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "453C7082-394D-4D5D-9EEE-69AEAFC657C5",
"versionEndIncluding": "15.0.0.1163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product\u0027s malware protection functions or the entire product completely.."
},
{
"lang": "es",
"value": "La familia de productos del consumidor de Trend Micro Security 2019 (versiones 15.0.0.1163 y posteriores), es vulnerable a un ataque de denegaci\u00f3n de servicio (DoS) en el que un actor malicioso podr\u00eda manipular un archivo clave en un momento determinado durante el proceso de inicio del sistema para deshabilitar las funciones de protecci\u00f3n de malware del producto o todo el producto por completo."
}
],
"id": "CVE-2019-19694",
"lastModified": "2024-11-21T04:35:12.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-20T23:15:20.270",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN02921757/"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/jp/JVN02921757/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN02921757/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/jp/JVN02921757/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-20357
Vulnerability from fkie_nvd - Published: 2020-01-18 00:15 - Updated: 2024-11-21 04:38
Severity ?
Summary
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx | Vendor Advisory | |
| security@trendmicro.com | https://seclists.org/bugtraq/2020/Jan/28 | Exploit, Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2020/Jan/28 | Exploit, Issue Tracking, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus_\+_security_2019 | 15.0 | |
| trendmicro | antivirus_\+_security_2020 | 16.0 | |
| trendmicro | internet_security_2019 | 15.0 | |
| trendmicro | internet_security_2020 | 16.0 | |
| trendmicro | maximum_security_2019 | 15.0 | |
| trendmicro | maximum_security_2020 | 16.0 | |
| trendmicro | premium_security_2019 | 15.0 | |
| trendmicro | premium_security_2020 | 16.0 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2168F0AA-A101-4BB5-8FE7-A2FC0EEC19C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E423D33-9D7E-4270-B7BC-3C4BBAFAFF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4D113B-E444-4344-A622-18F122905F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87EC00B5-27FD-495A-A810-4B5B7B542E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92C78BD2-C3DC-4592-90A8-24E50A0283DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18879524-F7E4-4FB2-83F1-9C12FC973358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76DCBC40-BD00-4801-BD3B-B0DD2AAE9639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADF0773-F24D-4E70-A41F-6834F60A1282",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Arbitrario Persistente en la familia de productos de consumo Trend Micro Security 2020 (versiones v160) y 2019 (versi\u00f3n v15), que podr\u00eda permitir potencialmente a un atacante la capacidad de crear un programa malicioso para escalar privilegios y lograr la persistencia sobre el sistema vulnerable."
}
],
"id": "CVE-2019-20357",
"lastModified": "2024-11-21T04:38:18.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-18T00:15:12.233",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/28"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-428"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-19697
Vulnerability from fkie_nvd - Published: 2020-01-18 00:15 - Updated: 2024-11-21 04:35
Severity ?
Summary
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| security@trendmicro.com | http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx | Vendor Advisory | |
| security@trendmicro.com | https://seclists.org/bugtraq/2020/Jan/29 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2020/Jan/29 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus_\+_security_2019 | 15.0 | |
| trendmicro | internet_security_2019 | 15.0 | |
| trendmicro | maximum_security_2019 | 15.0 | |
| trendmicro | premium_security_2019 | 15.0 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2168F0AA-A101-4BB5-8FE7-A2FC0EEC19C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4D113B-E444-4344-A622-18F122905F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92C78BD2-C3DC-4592-90A8-24E50A0283DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76DCBC40-BD00-4801-BD3B-B0DD2AAE9639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario en la familia de productos de consumo Trend Micro Security 2019 (versi\u00f3n v15), que podr\u00eda permitir a un atacante alcanzar privilegios elevados y alterar los servicios protegidos al deshabilitarlos o de otro modo impedir que se inicien. Un atacante ya debe poseer privilegios de administrador sobre la m\u00e1quina de destino para explotar la vulnerabilidad."
}
],
"id": "CVE-2019-19697",
"lastModified": "2024-11-21T04:35:12.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-18T00:15:12.187",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/29"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-14686
Vulnerability from fkie_nvd - Published: 2019-08-21 20:15 - Updated: 2024-11-21 04:27
Severity ?
Summary
A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus_\+_security_2019 | 15.0 | |
| trendmicro | internet_security_2019 | 15.0 | |
| trendmicro | maximum_security_2019 | 15.0 | |
| trendmicro | premium_security_2019 | 15.0 | |
| trendmicro | ransom_buster | 1.0 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2168F0AA-A101-4BB5-8FE7-A2FC0EEC19C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4D113B-E444-4344-A622-18F122905F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92C78BD2-C3DC-4592-90A8-24E50A0283DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76DCBC40-BD00-4801-BD3B-B0DD2AAE9639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:ransom_buster:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7672DE13-85C2-4280-B774-65998B0EB1B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A DLL hijacking vulnerability exists in the Trend Micro Security\u0027s 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de secuestro de DLL en el componente Folder Shield de la familia de productos de consumo de Trend Micro Security 2019 (v15) y la herramienta independiente Trend Micro Ransom Buster (1.0) en la que, si se explota, permitir\u00eda a un atacante cargar una DLL maliciosa, lo que llevar\u00eda a Privilegios elevados."
}
],
"id": "CVE-2019-14686",
"lastModified": "2024-11-21T04:27:08.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-21T20:15:12.790",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-14685
Vulnerability from fkie_nvd - Published: 2019-08-21 20:15 - Updated: 2024-11-21 04:27
Severity ?
Summary
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus_\+_security_2019 | 15.0 | |
| trendmicro | internet_security_2019 | 15.0 | |
| trendmicro | maximum_security_2019 | 15.0 | |
| trendmicro | premium_security_2019 | 15.0 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2168F0AA-A101-4BB5-8FE7-A2FC0EEC19C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4D113B-E444-4344-A622-18F122905F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92C78BD2-C3DC-4592-90A8-24E50A0283DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76DCBC40-BD00-4801-BD3B-B0DD2AAE9639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escalada de privilegios locales en Trend Micro Security 2019 (v15.0) en la que, si se explota, permitir\u00eda a un atacante manipular una caracter\u00edstica espec\u00edfica del producto para cargar un servicio malicioso."
}
],
"id": "CVE-2019-14685",
"lastModified": "2024-11-21T04:27:08.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-21T20:15:12.710",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html"
},
{
"source": "security@trendmicro.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/26"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-428"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-19694 (GCVE-0-2019-19694)
Vulnerability from cvelistv5 – Published: 2020-02-20 22:50 – Updated: 2024-08-05 02:25
VLAI?
Summary
The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely..
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Security (Consumer) |
Affected:
2019 (v15.0.0.1163 and below)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN02921757/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/jp/JVN02921757/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019 (v15.0.0.1163 and below)\r\n "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product\u0027s malware protection functions or the entire product completely.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-20T22:50:23",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN02921757/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/jp/JVN02921757/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-19694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2019 (v15.0.0.1163 and below)\r\n "
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product\u0027s malware protection functions or the entire product completely.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx"
},
{
"name": "https://jvn.jp/en/jp/JVN02921757/",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN02921757/"
},
{
"name": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx"
},
{
"name": "https://jvn.jp/jp/JVN02921757/",
"refsource": "MISC",
"url": "https://jvn.jp/jp/JVN02921757/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-19694",
"datePublished": "2020-02-20T22:50:23",
"dateReserved": "2019-12-09T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20357 (GCVE-0-2019-20357)
Vulnerability from cvelistv5 – Published: 2020-01-17 23:45 – Updated: 2024-08-05 02:39
VLAI?
Summary
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
Severity ?
No CVSS data available.
CWE
- Persistent Arbitrary Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Security (Consumer) |
Affected:
2019 (v15) and 2020 (v16)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"name": "20200120 Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019 (v15) and 2020 (v16) "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Persistent Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T09:06:07",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"name": "20200120 Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-20357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2019 (v15) and 2020 (v16) "
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Persistent Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"name": "20200120 Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-20357",
"datePublished": "2020-01-17T23:45:25",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19697 (GCVE-0-2019-19697)
Vulnerability from cvelistv5 – Published: 2020-01-17 23:45 – Updated: 2024-08-05 02:25
VLAI?
Summary
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.
Severity ?
No CVSS data available.
CWE
- Arbitrary Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Security (Consumer) |
Affected:
2019 (v15)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt"
},
{
"name": "20200120 Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019 (v15) "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T09:06:06",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt"
},
{
"name": "20200120 Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/29"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-19697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2019 (v15) "
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt"
},
{
"name": "20200120 Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/29"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-19697",
"datePublished": "2020-01-17T23:45:25",
"dateReserved": "2019-12-09T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14686 (GCVE-0-2019-14686)
Vulnerability from cvelistv5 – Published: 2019-08-21 19:42 – Updated: 2024-08-05 00:26
VLAI?
Summary
A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.
Severity ?
No CVSS data available.
CWE
- DLL Hijacking
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Ransom Buster, Trend Micro Security (Consumer) |
Affected:
Ransom Buster 1.0, Trend Micro Security 2019 (v15.0)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:37.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Ransom Buster, Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "Ransom Buster 1.0, Trend Micro Security 2019 (v15.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A DLL hijacking vulnerability exists in the Trend Micro Security\u0027s 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T19:42:17",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-14686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Ransom Buster, Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "Ransom Buster 1.0, Trend Micro Security 2019 (v15.0)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL hijacking vulnerability exists in the Trend Micro Security\u0027s 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-14686",
"datePublished": "2019-08-21T19:42:17",
"dateReserved": "2019-08-05T00:00:00",
"dateUpdated": "2024-08-05T00:26:37.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14685 (GCVE-0-2019-14685)
Vulnerability from cvelistv5 – Published: 2019-08-21 19:41 – Updated: 2024-08-05 00:26
VLAI?
Summary
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
Severity ?
No CVSS data available.
CWE
- Local Privilege Escalation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Security (Consumer) |
Affected:
2019 (15.0)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:37.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx"
},
{
"name": "20190825 Unquoted Path - Trend Micro",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019 (15.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-26T17:06:11",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx"
},
{
"name": "20190825 Unquoted Path - Trend Micro",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-14685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2019 (15.0)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68",
"refsource": "MISC",
"url": "https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68"
},
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx"
},
{
"name": "20190825 Unquoted Path - Trend Micro",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/26"
},
{
"name": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-14685",
"datePublished": "2019-08-21T19:41:36",
"dateReserved": "2019-08-05T00:00:00",
"dateUpdated": "2024-08-05T00:26:37.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19694 (GCVE-0-2019-19694)
Vulnerability from nvd – Published: 2020-02-20 22:50 – Updated: 2024-08-05 02:25
VLAI?
Summary
The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the entire product completely..
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Security (Consumer) |
Affected:
2019 (v15.0.0.1163 and below)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN02921757/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/jp/JVN02921757/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019 (v15.0.0.1163 and below)\r\n "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product\u0027s malware protection functions or the entire product completely.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-20T22:50:23",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN02921757/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/jp/JVN02921757/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-19694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2019 (v15.0.0.1163 and below)\r\n "
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product\u0027s malware protection functions or the entire product completely.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124056.aspx"
},
{
"name": "https://jvn.jp/en/jp/JVN02921757/",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN02921757/"
},
{
"name": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/support/vb/solution/ja-jp/1124058.aspx"
},
{
"name": "https://jvn.jp/jp/JVN02921757/",
"refsource": "MISC",
"url": "https://jvn.jp/jp/JVN02921757/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-19694",
"datePublished": "2020-02-20T22:50:23",
"dateReserved": "2019-12-09T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20357 (GCVE-0-2019-20357)
Vulnerability from nvd – Published: 2020-01-17 23:45 – Updated: 2024-08-05 02:39
VLAI?
Summary
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
Severity ?
No CVSS data available.
CWE
- Persistent Arbitrary Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Security (Consumer) |
Affected:
2019 (v15) and 2020 (v16)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"name": "20200120 Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019 (v15) and 2020 (v16) "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Persistent Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T09:06:07",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"name": "20200120 Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-20357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2019 (v15) and 2020 (v16) "
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Persistent Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"name": "20200120 Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-20357",
"datePublished": "2020-01-17T23:45:25",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19697 (GCVE-0-2019-19697)
Vulnerability from nvd – Published: 2020-01-17 23:45 – Updated: 2024-08-05 02:25
VLAI?
Summary
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.
Severity ?
No CVSS data available.
CWE
- Arbitrary Code Execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Security (Consumer) |
Affected:
2019 (v15)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.336Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt"
},
{
"name": "20200120 Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019 (v15) "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T09:06:06",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt"
},
{
"name": "20200120 Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/29"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-19697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2019 (v15) "
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt"
},
{
"name": "20200120 Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/29"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-19697",
"datePublished": "2020-01-17T23:45:25",
"dateReserved": "2019-12-09T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14686 (GCVE-0-2019-14686)
Vulnerability from nvd – Published: 2019-08-21 19:42 – Updated: 2024-08-05 00:26
VLAI?
Summary
A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.
Severity ?
No CVSS data available.
CWE
- DLL Hijacking
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Ransom Buster, Trend Micro Security (Consumer) |
Affected:
Ransom Buster 1.0, Trend Micro Security 2019 (v15.0)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:37.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Ransom Buster, Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "Ransom Buster 1.0, Trend Micro Security 2019 (v15.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A DLL hijacking vulnerability exists in the Trend Micro Security\u0027s 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T19:42:17",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-14686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Ransom Buster, Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "Ransom Buster 1.0, Trend Micro Security 2019 (v15.0)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL hijacking vulnerability exists in the Trend Micro Security\u0027s 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-14686",
"datePublished": "2019-08-21T19:42:17",
"dateReserved": "2019-08-05T00:00:00",
"dateUpdated": "2024-08-05T00:26:37.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14685 (GCVE-0-2019-14685)
Vulnerability from nvd – Published: 2019-08-21 19:41 – Updated: 2024-08-05 00:26
VLAI?
Summary
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
Severity ?
No CVSS data available.
CWE
- Local Privilege Escalation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Trend Micro | Trend Micro Security (Consumer) |
Affected:
2019 (15.0)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:37.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx"
},
{
"name": "20190825 Unquoted Path - Trend Micro",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/26"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019 (15.0)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-26T17:06:11",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx"
},
{
"name": "20190825 Unquoted Path - Trend Micro",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/26"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-14685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2019 (15.0)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68",
"refsource": "MISC",
"url": "https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68"
},
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx"
},
{
"name": "20190825 Unquoted Path - Trend Micro",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/26"
},
{
"name": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-14685",
"datePublished": "2019-08-21T19:41:36",
"dateReserved": "2019-08-05T00:00:00",
"dateUpdated": "2024-08-05T00:26:37.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}