CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2019-20358 – TrendMicro Anti-Threat Toolkit Improper Fix
https://notcve.org/view.php?id=CVE-2019-20358
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was idenitfied and resolved in version 1.62.0.1228 of the tool. Trend Micro Anti-Threat Toolkit (ATTK) versiones 1.62.0.1218 y por debajo, presenta una vulnerabilidad que puede permitir a un atacante colocar archivos maliciosos en el mismo directorio, conllevando potencialmente a una ejecución de código remota (RCE) arbitraria cuando se ejecuto. Otro vector de ataque similar al CVE-2019-9491 se identificó y resolvió en la versión 1.62.0.1228 de la herramienta. • http://seclists.org/fulldisclosure/2020/Jan/50 https://seclists.org/bugtraq/2020/Jan/55 https://success.trendmicro.com/solution/000149878 • CWE-426: Untrusted Search Path CWE-427: Uncontrolled Search Path Element CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 7%CPEs: 2EXPL: 6CVE-2019-9491 – Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-9491
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Trend Micro Anti-Threat Toolkit (ATTK) versiones 1.62.0.1218 y posteriores, presenta una vulnerabilidad que puede permitir a un atacante colocar archivos maliciosos en el mismo directorio, conllevando potencialmente a la ejecución de código remoto arbitrario (RCE) cuando se ejecuta. • https://www.exploit-db.com/exploits/47527 http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txt http://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.html http://seclists.org/fulldisclosure/2019/Oct/42 http://seclists.org/fulldisclosure/2020/Jan/50 https://seclists.org/bugtraq/2019/Oct/30 https://seclists.org/bugtraq/2020/Jan/55 https://success.trendmicro.com/solution/000149878 • CWE-427: Uncontrolled Search Path Element •