Description
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68
Vendor Advisory x_refsource_confirm
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Aug/26
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html
Scores
CVSS v3
7.8
EPSS
0.0010
EPSS Percentile
27.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-428
Status
published
Products (4)
trendmicro/antivirus_\+_security_2019
15.0
trendmicro/internet_security_2019
15.0
trendmicro/maximum_security_2019
15.0
trendmicro/premium_security_2019
15.0
Published
Aug 21, 2019
Tracked Since
Feb 18, 2026