CVE-2022-26319

MEDIUM

Trend Micro Portable Security <3.0 Pro, 2.0 - Privilege Escalation

Title source: llm
STIX 2.1

Description

An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/000290531

Scores

CVSS v3 6.5
EPSS 0.0006
EPSS Percentile 18.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-427
Status published
Products (2)
trendmicro/portable_security 2.0 - 2.0.8056
trendmicro/portable_security 3.0 - 3.0.5054
Published Mar 08, 2022
Tracked Since Feb 18, 2026