CVE-2019-9491

HIGH

Trend Micro ATTK <1.62.0.1218 - RCE

Title source: llm

Description

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/47527

View Code ZIP pw:eip

References (7)

[Various Sources] http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txt

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2019/Oct/42

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2020/Jan/50

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2019/Oct/30

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2020/Jan/55

[Vendor Advisory] https://success.trendmicro.com/solution/000149878

Scores

CVSS v3 7.8

EPSS 0.2152

EPSS Percentile 95.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

trendmicro/anti-threat_toolkit < 1.62.0.1218

Timeline

Published Oct 21, 2019

Tracked Since Feb 18, 2026