CVE-2020-27697
HIGHTrend Micro Security 2020 < 16.0 - DLL Hijacking via Symlink Attack
Title source: llmDescription
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://helpcenter.trendmicro.com/en-us/article/TMKA-10036
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
15.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-59
Status
published
Products (4)
trendmicro/antivirus\+_security_2020
< 16.0
trendmicro/internet_security_2020
< 16.0
trendmicro/maximum_security_2020
< 16.0
trendmicro/premium_security_2020
< 16.0
Published
Nov 18, 2020
Tracked Since
Feb 18, 2026