CVE-2019-9492

Опубликовано: 26 июл. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system.

Ссылки

https://success.trendmicro.com/solution/1123045
Patch
Vendor Advisory
https://www.nsslabs.com/blog-posts/2019/7/24/your-advanced-endpoint-protection-aep-product-protects-your-computer-but-can-it-protect-itself
Third Party Advisory
https://success.trendmicro.com/solution/1123045
Patch
Vendor Advisory
https://www.nsslabs.com/blog-posts/2019/7/24/your-advanced-endpoint-protection-aep-product-protects-your-computer-but-can-it-protect-itself
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*

cpe:2.3:a:trendmicro:officescan:xg:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00105

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-426

Связанные уязвимости

GHSA-9gmj-78x4-fxf5

github

больше 3 лет назад