CVE-2019-9491

HIGH

Trend Micro ATTK <1.62.0.1218 - RCE

Title source: llm

Description

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/47527

View Code ZIP pw:eip

References (7)

[Vendor Advisory] https://success.trendmicro.com/solution/000149878

[Various Sources] http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txt

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2019/Oct/30

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2019/Oct/42

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2020/Jan/55

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2020/Jan/50

Scores

CVSS v3 7.8

EPSS 0.2152

EPSS Percentile 95.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-427

Status published

Products (1)

trendmicro/anti-threat_toolkit < 1.62.0.1218

Published Oct 21, 2019

Tracked Since Feb 18, 2026