CVE-2022-26319

MEDIUM

Trend Micro Portable Security <3.0 Pro, 2.0 - Privilege Escalation

Title source: llm

Description

An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

References (1)

[Patch, Vendor Advisory] https://success.trendmicro.com/solution/000290531

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 18.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (2)

trendmicro/portable_security < 2.0.8056

trendmicro/portable_security < 3.0.5054

Timeline

Published Mar 08, 2022

Tracked Since Feb 18, 2026