Vulnerability Details CVE-2019-9491
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.215
EPSS Ranking 95.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 5.1
References
- http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txt
- http://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.html
- http://seclists.org/fulldisclosure/2019/Oct/42
- http://seclists.org/fulldisclosure/2020/Jan/50
- https://seclists.org/bugtraq/2019/Oct/30
- https://seclists.org/bugtraq/2020/Jan/55
- https://success.trendmicro.com/solution/000149878
- http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txt
- http://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.html
- http://seclists.org/fulldisclosure/2019/Oct/42
- http://seclists.org/fulldisclosure/2020/Jan/50
- https://seclists.org/bugtraq/2019/Oct/30
- https://seclists.org/bugtraq/2020/Jan/55
- https://success.trendmicro.com/solution/000149878
Products affected by CVE-2019-9491
-
cpe:2.3:a:trendmicro:anti-threat_toolkit:-
-
cpe:2.3:a:trendmicro:anti-threat_toolkit:1.62.0.1218
-
cpe:2.3:o:microsoft:windows:-