CVE-2019-9491

HIGH

Trend Micro ATTK <1.62.0.1218 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-9491. PoCs published by hyp3rlinx.

AI-analyzed exploit summary: This exploit leverages a vulnerability in Trend Micro Anti-Threat Toolkit (ATTK) where arbitrary .EXE files named 'cmd.exe' or 'regedit.exe' are executed during a scan. The provided C code compiles into a malicious executable that launches PowerShell when executed by the ATTK.

Description

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.

Exploits (1)

exploitdb WORKING POC VERIFIED
by hyp3rlinx · text · local · windows
https://www.exploit-db.com/exploits/47527

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Trend Micro Anti-Threat Toolkit (ATTK) 1.62.0.1218 and below
No auth needed
Prerequisites: Ability to place a malicious executable named 'cmd.exe' or 'regedit.exe' in a directory scanned by ATTK
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000149878
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Oct/30
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Oct/42
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2020/Jan/55
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Jan/50

Scores

CVSS v3 7.8
EPSS 0.1294
EPSS Percentile 95.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-427
Status published
Products (1)
trendmicro/anti-threat_toolkit < 1.62.0.1218
Published Oct 21, 2019
Tracked Since Feb 18, 2026