Description
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx
Exploit, Third Party Advisory x_refsource_misc
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2020/Jan/29
Scores
CVSS v3
6.7
EPSS
0.0029
EPSS Percentile
52.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (4)
trendmicro/antivirus_\+_security_2019
15.0
trendmicro/internet_security_2019
15.0
trendmicro/maximum_security_2019
15.0
trendmicro/premium_security_2019
15.0
Published
Jan 18, 2020
Tracked Since
Feb 18, 2026