All the vulnerabilites related to trendmicro - premium_security_2020
cve-2019-19693
Vulnerability from cvelistv5
Published
2019-12-20 04:05
Modified
2024-08-05 02:25
Severity ?
EPSS score ?
Summary
The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-19-1025/ | x_refsource_MISC | |
| https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2020 (v16) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:25:12.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1025/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v16)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-20T04:05:22",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1025/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-19693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v16)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1025/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1025/"
},
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-19693",
"datePublished": "2019-12-20T04:05:22",
"dateReserved": "2019-12-09T00:00:00",
"dateUpdated": "2024-08-05T02:25:12.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27696
Vulnerability from cvelistv5
Published
2020-11-18 18:45
Modified
2024-08-04 16:18
Severity ?
EPSS score ?
Summary
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2020 (v16) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v16)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:37",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-27696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v16)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-27696",
"datePublished": "2020-11-18T18:45:37",
"dateReserved": "2020-10-26T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15602
Vulnerability from cvelistv5
Published
2020-07-15 19:15
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpcenter.trendmicro.com/en-us/article/TMKA-09644 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2020 (v16) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:29.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v16)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted Search Patch RCE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:15:15",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-15602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v16)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Search Patch RCE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-15602",
"datePublished": "2020-07-15T19:15:15",
"dateReserved": "2020-07-07T00:00:00",
"dateUpdated": "2024-08-04T13:22:29.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27695
Vulnerability from cvelistv5
Published
2020-11-18 18:45
Modified
2024-08-04 16:18
Severity ?
EPSS score ?
Summary
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2020 (v16) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v16)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:37",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-27695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v16)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-27695",
"datePublished": "2020-11-18T18:45:37",
"dateReserved": "2020-10-26T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-20357
Vulnerability from cvelistv5
Published
2020-01-17 23:45
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx | x_refsource_MISC | |
| http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt | x_refsource_MISC | |
| https://seclists.org/bugtraq/2020/Jan/28 | mailing-list, x_refsource_BUGTRAQ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2019 (v15) and 2020 (v16) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:09.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"name": "20200120 Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2019 (v15) and 2020 (v16) "
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Persistent Arbitrary Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T09:06:07",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"name": "20200120 Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-20357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2019 (v15) and 2020 (v16) "
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Persistent Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"name": "20200120 Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-20357",
"datePublished": "2020-01-17T23:45:25",
"dateReserved": "2020-01-07T00:00:00",
"dateUpdated": "2024-08-05T02:39:09.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25775
Vulnerability from cvelistv5
Published
2020-09-28 23:30
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpcenter.trendmicro.com/en-us/article/TMKA-09909 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-20-1227/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2020 (v16) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v16)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Security Race Condition Arbitrary File Deletion",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-30T16:28:11",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-25775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v16)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Race Condition Arbitrary File Deletion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-25775",
"datePublished": "2020-09-28T23:30:45",
"dateReserved": "2020-09-18T00:00:00",
"dateUpdated": "2024-08-04T15:40:36.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15628
Vulnerability from cvelistv5
Published
2019-12-02 15:45
Modified
2024-08-05 00:56
Severity ?
EPSS score ?
Summary
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: Version 2020 (16.0.1221 and below) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "Version 2020 (16.0.1221 and below)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Hijacking",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-02T15:45:14",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-15628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "Version 2020 (16.0.1221 and below)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Hijacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx"
},
{
"name": "https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628",
"refsource": "MISC",
"url": "https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-15628",
"datePublished": "2019-12-02T15:45:14",
"dateReserved": "2019-08-26T00:00:00",
"dateUpdated": "2024-08-05T00:56:22.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18190
Vulnerability from cvelistv5
Published
2019-12-09 18:50
Modified
2024-08-05 01:47
Severity ?
EPSS score ?
Summary
Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances.
References
| ▼ | URL | Tags |
|---|---|---|
| https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124031.aspx | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2020 (Version 16.x) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:13.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124031.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (Version 16.x)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unsigned Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-09T18:50:15",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124031.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-18190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (Version 16.x)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsigned Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124031.aspx",
"refsource": "MISC",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124031.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2019-18190",
"datePublished": "2019-12-09T18:50:15",
"dateReserved": "2019-10-17T00:00:00",
"dateUpdated": "2024-08-05T01:47:13.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25251
Vulnerability from cvelistv5
Published
2021-02-10 22:00
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpcenter.trendmicro.com/en-us/article/TMKA-10211 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2020 (v16), 2021 (v17) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)\r\n",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v16), 2021 (v17)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program\u0027s password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T17:34:49",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)\r\n",
"version": {
"version_data": [
{
"version_value": "2020 (v16), 2021 (v17)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program\u0027s password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25251",
"datePublished": "2021-02-10T22:00:15",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-27697
Vulnerability from cvelistv5
Published
2020-11-18 18:45
Modified
2024-08-04 16:18
Severity ?
EPSS score ?
Summary
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2020 (v16) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v16)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T18:45:38",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-27697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v16)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-27697",
"datePublished": "2020-11-18T18:45:38",
"dateReserved": "2020-10-26T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15603
Vulnerability from cvelistv5
Published
2020-07-15 19:15
Modified
2024-08-04 13:22
Severity ?
EPSS score ?
Summary
An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpcenter.trendmicro.com/en-us/article/TMKA-09645 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2020 (v16) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v16)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products\u0027 driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Invalid Memory Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T19:15:16",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2020-15603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2020 (v16)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products\u0027 driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Invalid Memory Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2020-15603",
"datePublished": "2020-07-15T19:15:16",
"dateReserved": "2020-07-07T00:00:00",
"dateUpdated": "2024-08-04T13:22:30.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-12-20 16:15
Modified
2024-11-21 04:35
Severity ?
Summary
The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-19-1025/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-19-1025/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus\+_security_2020 | * | |
| trendmicro | internet_security_2020 | * | |
| trendmicro | maximum_security_2020 | * | |
| trendmicro | premium_security_2020 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6554A6AC-9851-457A-B017-DFD469C8E4AA",
"versionEndExcluding": "16.0.1249",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0DD88B-EE6D-4AA5-97F6-1C62D4A65C79",
"versionEndExcluding": "16.0.1249",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39FDD8D1-455E-43F1-9A83-B36844DB500A",
"versionEndExcluding": "16.0.1249",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6511DB9D-8F30-4009-AD0D-ECABF6C60106",
"versionEndExcluding": "16.0.1249",
"versionStartIncluding": "16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
},
{
"lang": "es",
"value": "La familia de productos de consumo Trend Micro Security 2020, contiene una vulnerabilidad que podr\u00eda permitir a un atacante local revelar informaci\u00f3n confidencial o crear una condici\u00f3n de denegaci\u00f3n de servicio sobre las instalaciones afectadas. Un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo poco privilegiado en el sistema de destino para explotar esta vulnerabilidad."
}
],
"id": "CVE-2019-19693",
"lastModified": "2024-11-21T04:35:12.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-20T16:15:12.123",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1025/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1025/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-18 00:15
Modified
2024-11-21 04:38
Severity ?
Summary
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt | Exploit, Third Party Advisory | |
| security@trendmicro.com | https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx | Vendor Advisory | |
| security@trendmicro.com | https://seclists.org/bugtraq/2020/Jan/28 | Exploit, Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2020/Jan/28 | Exploit, Issue Tracking, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus_\+_security_2019 | 15.0 | |
| trendmicro | antivirus_\+_security_2020 | 16.0 | |
| trendmicro | internet_security_2019 | 15.0 | |
| trendmicro | internet_security_2020 | 16.0 | |
| trendmicro | maximum_security_2019 | 15.0 | |
| trendmicro | maximum_security_2020 | 16.0 | |
| trendmicro | premium_security_2019 | 15.0 | |
| trendmicro | premium_security_2020 | 16.0 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2168F0AA-A101-4BB5-8FE7-A2FC0EEC19C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E423D33-9D7E-4270-B7BC-3C4BBAFAFF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9A4D113B-E444-4344-A622-18F122905F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87EC00B5-27FD-495A-A810-4B5B7B542E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "92C78BD2-C3DC-4592-90A8-24E50A0283DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18879524-F7E4-4FB2-83F1-9C12FC973358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2019:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76DCBC40-BD00-4801-BD3B-B0DD2AAE9639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADF0773-F24D-4E70-A41F-6834F60A1282",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Arbitrario Persistente en la familia de productos de consumo Trend Micro Security 2020 (versiones v160) y 2019 (versi\u00f3n v15), que podr\u00eda permitir potencialmente a un atacante la capacidad de crear un programa malicioso para escalar privilegios y lograr la persistencia sobre el sistema vulnerable."
}
],
"id": "CVE-2019-20357",
"lastModified": "2024-11-21T04:38:18.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-18T00:15:12.233",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"source": "security@trendmicro.com",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/28"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-428"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-09 19:15
Modified
2024-11-21 04:32
Severity ?
Summary
Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus\+_security_2020 | * | |
| trendmicro | internet_security_2020 | * | |
| trendmicro | maximum_security_2020 | * | |
| trendmicro | premium_security_2020 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "087C5695-B486-4B7E-BC02-77E7655D3AF8",
"versionEndExcluding": "16.0.1227",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C37D89D6-F4C7-4CD1-AA6B-D909AB2DC199",
"versionEndExcluding": "16.0.1227",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4414976D-518F-44A7-89F5-6C0161FF9CCD",
"versionEndExcluding": "16.0.1227",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB86832-12B6-4ABF-9C27-1E6733B7D6DF",
"versionEndExcluding": "16.0.1227",
"versionStartIncluding": "16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances."
},
{
"lang": "es",
"value": "Trend Micro Security (Consumer) 2020 (versi\u00f3n v16.x), est\u00e1 afectado por una vulnerabilidad en donde los errores de desreferencia del puntero null resultan en el bloqueo de la aplicaci\u00f3n, lo que podr\u00eda conllevar a la potencial ejecuci\u00f3n de c\u00f3digo sin firmar bajo determinadas circunstancias."
}
],
"id": "CVE-2019-18190",
"lastModified": "2024-11-21T04:32:47.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-09T19:15:14.570",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124031.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124031.aspx"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-18 19:15
Modified
2024-11-21 05:21
Severity ?
Summary
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus\+_security_2020 | * | |
| trendmicro | internet_security_2020 | * | |
| trendmicro | maximum_security_2020 | * | |
| trendmicro | premium_security_2020 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C00561E3-418B-4FCD-B1F4-E2ABBB283D82",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2DD545-14EE-4244-9941-DE9423BAEFE1",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD354AF-05D4-434F-9195-D4029AC65001",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B92B18B-6DF1-4924-804C-96ABCBEFBE65",
"versionEndIncluding": "16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product."
},
{
"lang": "es",
"value": "Trend Micro Security 2020 (Consumer) contiene una vulnerabilidad en el paquete de instalaci\u00f3n que podr\u00eda ser explotada al colocar un directorio de sistema de Windows espec\u00edfico que puede conllevar a una obtenci\u00f3n de privilegios administrativos durante la instalaci\u00f3n del producto"
}
],
"id": "CVE-2020-27696",
"lastModified": "2024-11-21T05:21:40.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-18T19:15:11.350",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-02 16:15
Modified
2024-11-21 04:29
Severity ?
Summary
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus_\+_security_2020 | * | |
| trendmicro | internet_security_2020 | * | |
| trendmicro | maximum_security_2020 | * | |
| trendmicro | premium_security_2020 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A62D8CA-DB54-4605-8FCE-A50962C30BB3",
"versionEndIncluding": "16.0.1221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03E2F883-D77A-4F62-BCB7-755FCF9100ED",
"versionEndIncluding": "16.0.1221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA47DE9-6F39-48D3-8C95-2327E85639AB",
"versionEndIncluding": "16.0.1221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A837FE6-2D7B-4DF0-A905-5DE2F3E569DD",
"versionEndIncluding": "16.0.1221",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started."
},
{
"lang": "es",
"value": "Trend Micro Security (Consumer) 2020 (versiones v16.0.1221 y posteriores), est\u00e1 afectado por una vulnerabilidad de secuestro de DLL que podr\u00eda permitir a un atacante usar un servicio espec\u00edfico como un mecanismo de ejecuci\u00f3n y/o persistencia que podr\u00eda ejecutar un programa malicioso cada vez que el servicio sea iniciado."
}
],
"id": "CVE-2019-15628",
"lastModified": "2024-11-21T04:29:09.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-02T16:15:12.127",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-29 00:15
Modified
2024-11-21 05:18
Severity ?
Summary
The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://helpcenter.trendmicro.com/en-us/article/TMKA-09909 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-20-1227/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://helpcenter.trendmicro.com/en-us/article/TMKA-09909 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-20-1227/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus\+_2020 | * | |
| trendmicro | internet_security_2020 | * | |
| trendmicro | maximum_security_2020 | * | |
| trendmicro | premium_security_2020 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D89F837E-5FE8-40A4-869D-68607B44EF38",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2DD545-14EE-4244-9941-DE9423BAEFE1",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD354AF-05D4-434F-9195-D4029AC65001",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B92B18B-6DF1-4924-804C-96ABCBEFBE65",
"versionEndIncluding": "16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges."
},
{
"lang": "es",
"value": "La familia de productos de consumo Trend Micro Security 2020 (versi\u00f3n v16), es susceptible a una vulnerabilidad de eliminaci\u00f3n de archivos arbitraria de una condici\u00f3n de carrera de seguridad que podr\u00eda permitir a un usuario poco privilegiado manipular la funcionalidad de borrado seguro del producto para eliminar archivos con un mayor conjunto de privilegios"
}
],
"id": "CVE-2020-25775",
"lastModified": "2024-11-21T05:18:44.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-29T00:15:13.440",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-15 20:15
Modified
2024-11-21 05:05
Severity ?
Summary
An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus\+_2020 | * | |
| trendmicro | internet_security_2020 | * | |
| trendmicro | maximum_security_2020 | * | |
| trendmicro | premium_security_2020 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E864EE-378E-49C3-86A2-865184804BC6",
"versionEndIncluding": "16.0.1146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDD7881-141F-4134-911D-8806E67751AA",
"versionEndIncluding": "16.0.1146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D029A529-3679-4083-8E26-0ABE5D7D98C8",
"versionEndIncluding": "16.0.1146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCDB8EF-9442-4C29-A59E-F9170E675EA5",
"versionEndIncluding": "16.0.1146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota de ruta de b\u00fasqueda no confiable (RCE) en la familia de productos de consumo Trend Micro Secuity 2020 (versiones v16.0.0.1146 y posteriores), podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario en un sistema vulnerable. A medida que el instalador de Trend Micro intenta cargar archivos DLL desde su directorio actual, una DLL arbitraria tambi\u00e9n podr\u00eda ser cargada con los mismos privilegios que el instalador si se ejecuta como Administrador. Se requiere una interacci\u00f3n del usuario para explotar la vulnerabilidad en el sentido de que el objetivo debe abrir un directorio o dispositivo malicioso"
}
],
"id": "CVE-2020-15602",
"lastModified": "2024-11-21T05:05:50.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-15T20:15:13.443",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-18 19:15
Modified
2024-11-21 05:21
Severity ?
Summary
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus\+_security_2020 | * | |
| trendmicro | internet_security_2020 | * | |
| trendmicro | maximum_security_2020 | * | |
| trendmicro | premium_security_2020 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C00561E3-418B-4FCD-B1F4-E2ABBB283D82",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2DD545-14EE-4244-9941-DE9423BAEFE1",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD354AF-05D4-434F-9195-D4029AC65001",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B92B18B-6DF1-4924-804C-96ABCBEFBE65",
"versionEndIncluding": "16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product."
},
{
"lang": "es",
"value": "Trend Micro Security 2020 (Consumer), contiene una vulnerabilidad en el paquete de instalaci\u00f3n que podr\u00eda ser explotada al colocar una DLL maliciosa en una ubicaci\u00f3n no protegida con altos privilegios (ataque de tipo symlink) que puede conllevar a una obtenci\u00f3n de privilegios administrativos durante la instalaci\u00f3n del producto"
}
],
"id": "CVE-2020-27697",
"lastModified": "2024-11-21T05:21:40.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-18T19:15:11.460",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-18 19:15
Modified
2024-11-21 05:21
Severity ?
Summary
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus\+_security_2020 | * | |
| trendmicro | internet_security_2020 | * | |
| trendmicro | maximum_security_2020 | * | |
| trendmicro | premium_security_2020 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C00561E3-418B-4FCD-B1F4-E2ABBB283D82",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2DD545-14EE-4244-9941-DE9423BAEFE1",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD354AF-05D4-434F-9195-D4029AC65001",
"versionEndIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B92B18B-6DF1-4924-804C-96ABCBEFBE65",
"versionEndIncluding": "16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product."
},
{
"lang": "es",
"value": "Trend Micro Security 2020 (Consumer), contiene una vulnerabilidad en el paquete de instalaci\u00f3n que podr\u00eda ser explotada al colocar una DLL maliciosa en un directorio local que puede conllevar a una obtenci\u00f3n de privilegios administrativos durante la instalaci\u00f3n del producto"
}
],
"id": "CVE-2020-27695",
"lastModified": "2024-11-21T05:21:40.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-18T19:15:11.290",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10036"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-10 22:15
Modified
2024-11-21 05:54
Severity ?
Summary
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus\+_security_2020 | 16.0 | |
| trendmicro | antivirus\+_security_2021 | 17.0 | |
| trendmicro | internet_security_2020 | 16.0 | |
| trendmicro | internet_security_2021 | 17.0 | |
| trendmicro | maximum_security_2020 | 16.0 | |
| trendmicro | maximum_security_2021 | 17.0 | |
| trendmicro | premium_security_2020 | 16.0 | |
| trendmicro | premium_security_2021 | 17.0 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35B16D47-D892-4407-B413-C53604E54DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2021:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB376CE-FD04-446D-BDFB-DD30C5277E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87EC00B5-27FD-495A-A810-4B5B7B542E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2021:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F54EDFC-AA74-4407-92AF-BE5A2E9EB8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18879524-F7E4-4FB2-83F1-9C12FC973358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2021:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "769EDF57-123C-4FE7-93F3-8B773F5D17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADF0773-F24D-4E70-A41F-6834F60A1282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2021:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D77BEF92-897E-4B1E-8F34-A94E238609E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program\u0027s password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability."
},
{
"lang": "es",
"value": "Las familias de productos de consumo Trend Micro Security 2020 y 2021, son vulnerables a una vulnerabilidad de inyecci\u00f3n de c\u00f3digo que podr\u00eda permitir a un atacante desactivar la protecci\u00f3n con contrase\u00f1a del programa y desactivar la protecci\u00f3n.\u0026#xa0;Un atacante ya debe tener privilegios de administrador en la m\u00e1quina para explotar esta vulnerabilidad"
}
],
"id": "CVE-2021-25251",
"lastModified": "2024-11-21T05:54:37.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-10T22:15:13.703",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-15 20:15
Modified
2024-11-21 05:05
Severity ?
Summary
An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus\+_2020 | * | |
| trendmicro | internet_security_2020 | * | |
| trendmicro | maximum_security_2020 | * | |
| trendmicro | premium_security_2020 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A538915-6999-434B-8BA1-02C69E76FBD7",
"versionEndIncluding": "16.0.1302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A0AB70-11A2-4E75-898A-80E06AD1D144",
"versionEndIncluding": "16.0.1302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB048F71-F22A-499D-A753-38D93E1C331E",
"versionEndIncluding": "16.0.1302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*",
"matchCriteriaId": "311121E9-84CF-4A84-8E6A-B9EBFF4AF1CC",
"versionEndIncluding": "16.0.1302",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products\u0027 driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash."
},
{
"lang": "es",
"value": "Una vulnerabilidad de lectura de memoria no v\u00e1lida en un controlador de la familia de consumidores de productos Trend Micro Secuity 2020 (versiones v16.0.0.1302 y posteriores), podr\u00eda permitir a un atacante manipular el controlador espec\u00edfico para realizar una operaci\u00f3n de llamada del sistema con una direcci\u00f3n no v\u00e1lida, resultando en un fallo del sistema"
}
],
"id": "CVE-2020-15603",
"lastModified": "2024-11-21T05:05:50.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-15T20:15:13.507",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}