CVE-2019-14688

HIGH

Trend Micro - DLL Hijack

Title source: llm

Description

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.

References (1)

[Vendor Advisory] https://success.trendmicro.com/solution/1123562

Scores

CVSS v3 7.0

EPSS 0.0048

EPSS Percentile 64.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (11)

trendmicro/control_manager

trendmicro/endpoint_sensor

trendmicro/im_security

trendmicro/mobile_security

trendmicro/officescan

trendmicro/scanmail

trendmicro/security

trendmicro/serverprotect

Timeline

Published Feb 20, 2020

Tracked Since Feb 18, 2026