CVE-2020-24556
HIGHTrend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Securi...
Title source: llmDescription
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Please note that version 1909 (OS Build 18363.719) of Microsoft Windows 10 mitigates hard links, but previous versions are affected.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000263632
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000263633
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-20-1093/
Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000267260
Scores
CVSS v3
7.8
EPSS
0.0017
EPSS Percentile
37.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-59
Status
published
Products (4)
trendmicro/apex_one
2019
trendmicro/apex_one
saas
trendmicro/worry-free_business_security
10.0 sp1
trendmicro/worry-free_business_security_services
Published
Sep 01, 2020
Tracked Since
Feb 18, 2026