Vulnerability Details CVE-2019-9492
A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- https://success.trendmicro.com/solution/1123045
- https://www.nsslabs.com/blog-posts/2019/7/24/your-advanced-endpoint-protection-aep-product-protects-your-computer-but-can-it-protect-itself
- https://success.trendmicro.com/solution/1123045
- https://www.nsslabs.com/blog-posts/2019/7/24/your-advanced-endpoint-protection-aep-product-protects-your-computer-but-can-it-protect-itself
Products affected by CVE-2019-9492
-
cpe:2.3:a:trendmicro:officescan:11.0
-
cpe:2.3:a:trendmicro:officescan:xg
-
cpe:2.3:o:microsoft:windows:-