CVE-2020-15602
HIGHTrend Micro Security 2020 < 16.0.1146 - Untrusted Search Path Remote Code Execution via DLL Loading
Title source: llmDescription
An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://helpcenter.trendmicro.com/en-us/article/TMKA-09644
Scores
CVSS v3
7.8
EPSS
0.0141
EPSS Percentile
80.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (4)
trendmicro/antivirus\+_2020
< 16.0.1146
trendmicro/internet_security_2020
< 16.0.1146
trendmicro/maximum_security_2020
< 16.0.1146
trendmicro/premium_security_2020
< 16.0.1146
Published
Jul 15, 2020
Tracked Since
Feb 18, 2026