CVE-2019-14685
Trend Maximum Security 2019 Unquoted Search Path
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
Existe una vulnerabilidad de escalada de privilegios locales en Trend Micro Security 2019 (v15.0) en la que, si se explota, permitiría a un atacante manipular una característica específica del producto para cargar un servicio malicioso.
Trend Maximum Security 2019 suffers from an unquoted search path vulnerability. This application provides an unquoted path in the parameter lpApplicationName of the function CreateProcessW during process create PwmConsole.exe --- which is triggered from the feature PC Health Checkup. If an attacker has write permissions to C:\ or C:\Program Files\, it could deliver an arbitrary executable named Program.exe or Trend.exe which would be executed by the coreServiceShell process. coreServiceShell is a privileged process that will run Program.exe with same privilege.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-05 CVE Reserved
- 2019-08-21 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-428: Unquoted Search Path or Element
CAPEC
References (4)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx | 2020-08-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trendmicro Search vendor "Trendmicro" | Antivirus \+ Security 2019 Search vendor "Trendmicro" for product "Antivirus \+ Security 2019" | 15.0 Search vendor "Trendmicro" for product "Antivirus \+ Security 2019" and version "15.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Trendmicro Search vendor "Trendmicro" | Internet Security 2019 Search vendor "Trendmicro" for product "Internet Security 2019" | 15.0 Search vendor "Trendmicro" for product "Internet Security 2019" and version "15.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Trendmicro Search vendor "Trendmicro" | Maximum Security 2019 Search vendor "Trendmicro" for product "Maximum Security 2019" | 15.0 Search vendor "Trendmicro" for product "Maximum Security 2019" and version "15.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Trendmicro Search vendor "Trendmicro" | Premium Security 2019 Search vendor "Trendmicro" for product "Premium Security 2019" | 15.0 Search vendor "Trendmicro" for product "Premium Security 2019" and version "15.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|