CVE-2019-14685 Information

Description

A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which if exploited would allow an attacker to manipulate a specific product feature to load a malicious service.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html http://seclists.org/fulldisclosure/2019/Aug/26 https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escalaC3A7C3A3o-de-privilC3A9gios-no-windows-471403d53b68

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8