An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Antivirus_+_security_2019 | Trendmicro | 15.0 (including) | 15.0 (including) |
| Internet_security_2019 | Trendmicro | 15.0 (including) | 15.0 (including) |
| Maximum_security_2019 | Trendmicro | 15.0 (including) | 15.0 (including) |
| Premium_security_2019 | Trendmicro | 15.0 (including) | 15.0 (including) |
References
- http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt
- https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx
- https://seclists.org/bugtraq/2020/Jan/29
- http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt
- https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx
- https://seclists.org/bugtraq/2020/Jan/29