CVE-2019-14688

Description

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.

References

Link	Tags
https://success.trendmicro.com/solution/1123562	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2019-14688?: CVE-2019-14688 has been scored as a high severity vulnerability.
How to fix CVE-2019-14688?: To fix CVE-2019-14688, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-14688 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2019-14688 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-14688?: CVE-2019-14688 affects Trend Micro Trend Micro IM Security (IMS), Trend Micro Control Manager (TMCM), Trend Micro OfficeScan (OSCE), Trend Micro Endpoint Sensor (TMES), Trend Micro Security (Consumer), Trend Micro ScanMail for Microsoft Exchange (SMEX), Trend Micro ServerProtect (SP), Trend Micro Mobile Security Enterprise (TMMS Enterprise) .

Description

Category

CWE-427 – Uncontrolled Search Path Element

References

Frequently Asked Questions