exploitDog

CVE-2019-14684

Опубликовано: 20 авг. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 9.3

EPSS Низкий

Описание

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687.

Ссылки

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx
Vendor Advisory
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
Exploit
Third Party Advisory
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx
Vendor Advisory
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:password_manager:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00394

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-rh2p-w62g-2f9q

github

больше 3 лет назад

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687.

EPSS

Процентиль: 60%

0.00394

Низкий

7.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-427