Published: 18/01/2020 Updated: 24/08/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an malicious user to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
trendmicro antivirus_\\+_security_2019 15.0
trendmicro internet_security_2019 15.0
trendmicro maximum_security_2019 15.0
trendmicro premium_security_2019 15.0

Trend Micro Maximum Security is vulnerable to arbitrary code execution as it allows for creation of registry key to target a process running as SYSTEM This can allow a malware to gain elevated privileges to take over and shutdown services that require SYSTEM privileges like Trend Micros "Asmp" service "coreServiceShellexe" which does not allow Ad ...

NVD-CWE-noinfo http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx https://seclists.org/bugtraq/2020/Jan/29 https://nvd.nist.gov https://packetstormsecurity.com/files/155992/Trend-Micro-Security-2019-Security-Bypass-Protected-Service-Tampering.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-19697

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect