CVE-2019-14688

Опубликовано: 20 фев. 2020

Источник: nvd

CVSS3: 7

CVSS2: 5.1

EPSS Низкий

Описание

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.

Ссылки

https://success.trendmicro.com/solution/1123562
Vendor Advisory
https://success.trendmicro.com/solution/1123562
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:trendmicro:control_manager:7.0:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:endpoint_sensor:1.6:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:im_security:1.6.5:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:mobile_security:9.8:*:*:*:enterprise:*:*:*

cpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:scanmail:14.0:*:*:*:*:microsoft_exchange:*:*

cpe:2.3:a:trendmicro:security:2019:*:*:*:*:*:*:*

cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:emc:*:*

cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:netware:*:*

cpe:2.3:a:trendmicro:serverprotect:5.8:*:*:*:*:windows:*:*

cpe:2.3:a:trendmicro:serverprotect:6.0:*:*:*:*:storage:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00479

Низкий

7 High

CVSS3

5.1 Medium

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-g7xx-c9x7-78fj

github

больше 3 лет назад