|
[Japanese]
|
JVNDB-2020-007305
|
Installer of Trend Micro Security 2020 (Consumer) may insecurely load Dynamic Link Libraries
|
|
Installers of Trend Micro Security 2020 (Consumer) family may insecurely load Dynamic Link Libraries.
Multiple products provided by Trend Micro Incorporated contain the DLL search path issue, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [NVD Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
|
Trend Micro, Inc.
- Antivirus+ 2020 for Windows v16.0.1146 and earlier
- Internet Security 2020 for Windows v16.0.1146 and earlier
- Trend Micro Maximum Security 2020 for Windows v16.0.1146 and earlier
- Trend Micro Premium Security 2020 for Windows v16.0.1146 and earlie
|
|
|
Arbitrary code may be executed with the privilege of the user invoking the installer.
|
|
[Use the latest installer]
Use the latest installer according to the information provided by the developer.
Note that this vulnerability affects the installer only, thus users who have already installed Trend Micro Security 2020 (Consumer) do not need to re-install the software.
|
|
Trend Micro, Inc.
|
|
- Untrusted Search Path(CWE-426) [NVD Evaluation]
- Uncontrolled Search Path Element(CWE-427) [Other]
|
|
- CVE-2020-15602
|
|
- JVN : JVNVU#98423028
- JVN : JVNTA#91240916
- National Vulnerability Database (NVD) : CVE-2020-15602
|
|
- [2024/08/22]
Web page was published
|
