CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27697
https://notcve.org/view.php?id=CVE-2020-27697
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. Trend Micro Security 2020 (Consumer), contiene una vulnerabilidad en el paquete de instalación que podría ser explotada al colocar una DLL maliciosa en una ubicación no protegida con altos privilegios (ataque de tipo symlink) que puede conllevar a una obtención de privilegios administrativos durante la instalación del producto • https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27695
https://notcve.org/view.php?id=CVE-2020-27695
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. Trend Micro Security 2020 (Consumer), contiene una vulnerabilidad en el paquete de instalación que podría ser explotada al colocar una DLL maliciosa en un directorio local que puede conllevar a una obtención de privilegios administrativos durante la instalación del producto • https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27696
https://notcve.org/view.php?id=CVE-2020-27696
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. Trend Micro Security 2020 (Consumer) contiene una vulnerabilidad en el paquete de instalación que podría ser explotada al colocar un directorio de sistema de Windows específico que puede conllevar a una obtención de privilegios administrativos durante la instalación del producto • https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27015 – Trend Micro Antivirus for Mac Error Message Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-27015
Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. Trend Micro Antivirus for Mac 2020 (Consumer) contiene una vulnerabilidad de divulgación de información de mensajes de error que, si se explota, podría permitir que los punteros del núcleo y los mensajes de depuración se filtraran al terreno de los usuarios. Un atacante debe obtener primero la capacidad de ejecutar código de alto privilegio en el sistema objetivo para poder explotar esta vulnerabilidad This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Antivirus for Mac. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the KERedirect kext. • https://helpcenter.trendmicro.com/en-us/article/TMKA-09975 https://www.zerodayinitiative.com/advisories/ZDI-20-1286 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27014 – Trend Micro Antivirus for Mac Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-27014
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. Trend Micro Antivirus for Mac 2020 (Consumer) contiene una vulnerabilidad de condición de carrera en el componente Web Threat Protection Blocklist, que si se explota, podría permitir a un atacante provocar el pánico o el colapso del núcleo. \n\n\r\n. Un atacante debe obtener primero la capacidad de ejecutar código de alto privilegio en el sistema objetivo para explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Antivirus for Mac. • https://helpcenter.trendmicro.com/en-us/article/TMKA-09974 https://www.zerodayinitiative.com/advisories/ZDI-20-1285 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •