CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 2CVE-2019-20357 – Trend Micro Security (Consumer) Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2019-20357
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system. Se presenta una vulnerabilidad de Ejecución de Código Arbitrario Persistente en la familia de productos de consumo Trend Micro Security 2020 (versiones v160) y 2019 (versión v15), que podría permitir potencialmente a un atacante la capacidad de crear un programa malicioso para escalar privilegios y lograr la persistencia sobre el sistema vulnerable. Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and obtain persistence on a vulnerable system. • http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx https://seclists.org/bugtraq/2020/Jan/28 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 2CVE-2019-19697 – Trend Micro Security 2019 Security Bypass Protected Service Tampering
https://notcve.org/view.php?id=CVE-2019-19697
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability. Se presenta una vulnerabilidad de ejecución de código arbitrario en la familia de productos de consumo Trend Micro Security 2019 (versión v15), que podría permitir a un atacante alcanzar privilegios elevados y alterar los servicios protegidos al deshabilitarlos o de otro modo impedir que se inicien. Un atacante ya debe poseer privilegios de administrador sobre la máquina de destino para explotar la vulnerabilidad. • http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx https://seclists.org/bugtraq/2020/Jan/29 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2019-19693 – Trend Micro Maximum Security Link Resolution Information Disclosure And Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-19693
The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. La familia de productos de consumo Trend Micro Security 2020, contiene una vulnerabilidad que podría permitir a un atacante local revelar información confidencial o crear una condición de denegación de servicio sobre las instalaciones afectadas. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado en el sistema de destino para explotar esta vulnerabilidad. This vulnerability allows local attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx https://www.zerodayinitiative.com/advisories/ZDI-19-1025 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-18190
https://notcve.org/view.php?id=CVE-2019-18190
Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances. Trend Micro Security (Consumer) 2020 (versión v16.x), está afectado por una vulnerabilidad en donde los errores de desreferencia del puntero null resultan en el bloqueo de la aplicación, lo que podría conllevar a la potencial ejecución de código sin firmar bajo determinadas circunstancias. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124031.aspx • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-15628
https://notcve.org/view.php?id=CVE-2019-15628
Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started. Trend Micro Security (Consumer) 2020 (versiones v16.0.1221 y posteriores), está afectado por una vulnerabilidad de secuestro de DLL que podría permitir a un atacante usar un servicio específico como un mecanismo de ejecución y/o persistencia que podría ejecutar un programa malicioso cada vez que el servicio sea iniciado. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628 • CWE-426: Untrusted Search Path •