CVE-2019-14684

HIGH

Trend Micro Password Manager 5.0 - DLL Hijacking

Title source: llm

Description

A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687.

References (2)

[Vendor Advisory] https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx

[Exploit, Third Party Advisory] https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM

Scores

CVSS v3 7.8

EPSS 0.0039

EPSS Percentile 60.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

trendmicro/password_manager

Timeline

Published Aug 20, 2019

Tracked Since Feb 18, 2026