CVE-2019-19693
Trend Micro Maximum Security Link Resolution Information Disclosure And Denial-of-Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
La familia de productos de consumo Trend Micro Security 2020, contiene una vulnerabilidad que podría permitir a un atacante local revelar información confidencial o crear una condición de denegación de servicio sobre las instalaciones afectadas. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado en el sistema de destino para explotar esta vulnerabilidad.
This vulnerability allows local attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of junctions. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-09 CVE Reserved
- 2019-12-19 CVE Published
- 2023-12-12 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-19-1025 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx | 2021-07-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Trendmicro Search vendor "Trendmicro" | Antivirus\+ Security 2020 Search vendor "Trendmicro" for product "Antivirus\+ Security 2020" | >= 16.0 < 16.0.1249 Search vendor "Trendmicro" for product "Antivirus\+ Security 2020" and version " >= 16.0 < 16.0.1249" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Trendmicro Search vendor "Trendmicro" | Internet Security 2020 Search vendor "Trendmicro" for product "Internet Security 2020" | >= 16.0 < 16.0.1249 Search vendor "Trendmicro" for product "Internet Security 2020" and version " >= 16.0 < 16.0.1249" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Trendmicro Search vendor "Trendmicro" | Maximum Security 2020 Search vendor "Trendmicro" for product "Maximum Security 2020" | >= 16.0 < 16.0.1249 Search vendor "Trendmicro" for product "Maximum Security 2020" and version " >= 16.0 < 16.0.1249" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Trendmicro Search vendor "Trendmicro" | Premium Security 2020 Search vendor "Trendmicro" for product "Premium Security 2020" | >= 16.0 < 16.0.1249 Search vendor "Trendmicro" for product "Premium Security 2020" and version " >= 16.0 < 16.0.1249" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|