Vulnerability Details CVE-2019-14685
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html
- http://seclists.org/fulldisclosure/2019/Aug/26
- https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx
- https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68
- http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html
- http://seclists.org/fulldisclosure/2019/Aug/26
- https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx
- https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68
Products affected by CVE-2019-14685
-
cpe:2.3:a:trendmicro:antivirus_+_security_2019:15.0
-
cpe:2.3:a:trendmicro:internet_security_2019:15.0
-
cpe:2.3:a:trendmicro:maximum_security_2019:15.0
-
cpe:2.3:a:trendmicro:premium_security_2019:15.0
-
cpe:2.3:o:microsoft:windows:-