CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 0CVE-2019-14688
https://notcve.org/view.php?id=CVE-2019-14688
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. Trend Micro ha reempaquetado instaladores para varios productos de Trend Micro que usaron una versión de un paquete de instalación que tenía una vulnerabilidad de secuestro de DLL, que podría ser explotada durante la instalación de un nuevo producto. Se encontró que la vulnerabilidad SOLO es explotable durante la instalación inicial del producto por parte de un usuario autorizado. • https://success.trendmicro.com/solution/1123562 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6218
https://notcve.org/view.php?id=CVE-2018-6218
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Una vulnerabilidad de secuestro de DLL en Trend Micro's User-Mode Hooking Module (UMH) podría permitir que un atacante ejecute código arbitrario en un sistema vulnerable. • http://www.securityfocus.com/bid/103096 https://jvn.jp/jp/JVN28865183 https://success.trendmicro.com/jp/solution/1119348 https://success.trendmicro.com/solution/1119326 • CWE-426: Untrusted Search Path •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6798
https://notcve.org/view.php?id=CVE-2017-6798
Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208. Trend Micro Endpoint Sensor 1.6 en versiones anteriores a b1290 tiene una vulnerabilidad de secuestro de DLL que permite a atacantes remotos ejecutar código arbitrario, vulnerabilidad también conocida como Trend Micro Vulnerability Identifier 2015-0208. • http://www.securityfocus.com/bid/96857 https://success.trendmicro.com/solution/1116827 • CWE-426: Untrusted Search Path •