CVE-2019-15628 - OpenCVE

Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Trendmicro	Premium Security 2020 Internet Security 2020 Maximum Security 2020 Antivirus \+ Security 2020
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:trendmicro:antivirus_\+_security_2020::::::::
	cpe:2.3:a:trendmicro:internet_security_2020::::::::
	cpe:2.3:a:trendmicro:maximum_security_2020::::::::
	cpe:2.3:a:trendmicro:premium_security_2020::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx	Vendor Advisory
https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: trendmicro

Published: 2019-12-02T15:45:14

Updated: 2019-12-02T15:45:14

Reserved: 2019-08-26T00:00:00

Link: CVE-2019-15628

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-12-02T16:15:12.127

Modified: 2019-12-13T19:50:22.973

Link: CVE-2019-15628

JSON object: View

Redhat Information

No data.

CWE

CWE-426

{"containers": {"cna": {"affected": [{"product": "Trend Micro Security (Consumer)", "vendor": "Trend Micro", "versions": [{"status": "affected", "version": "Version 2020 (16.0.1221 and below)"}]}], "descriptions": [{"lang": "en", "value": "Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started."}], "problemTypes": [{"descriptions": [{"description": "DLL Hijacking", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-02T15:45:14", "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "shortName": "trendmicro"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx"}, {"tags": ["x_refsource_MISC"], "url": "https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@trendmicro.com", "ID": "CVE-2019-15628", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Trend Micro Security (Consumer)", "version": {"version_data": [{"version_value": "Version 2020 (16.0.1221 and below)"}]}}]}, "vendor_name": "Trend Micro"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DLL Hijacking"}]}]}, "references": {"reference_data": [{"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx", "refsource": "MISC", "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx"}, {"name": "https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628", "refsource": "MISC", "url": "https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628"}]}}}}, "cveMetadata": {"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272", "assignerShortName": "trendmicro", "cveId": "CVE-2019-15628", "datePublished": "2019-12-02T15:45:14", "dateReserved": "2019-08-26T00:00:00", "dateUpdated": "2019-12-02T15:45:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security_2020:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A62D8CA-DB54-4605-8FCE-A50962C30BB3", "versionEndIncluding": "16.0.1221", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:*:*:*:*:*:*:*:*", "matchCriteriaId": "03E2F883-D77A-4F62-BCB7-755FCF9100ED", "versionEndIncluding": "16.0.1221", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBA47DE9-6F39-48D3-8C95-2327E85639AB", "versionEndIncluding": "16.0.1221", "vulnerable": true}, {"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A837FE6-2D7B-4DF0-A905-5DE2F3E569DD", "versionEndIncluding": "16.0.1221", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started."}, {"lang": "es", "value": "Trend Micro Security (Consumer) 2020 (versiones v16.0.1221 y posteriores), est\u00e1 afectado por una vulnerabilidad de secuestro de DLL que podr\u00eda permitir a un atacante usar un servicio espec\u00edfico como un mecanismo de ejecuci\u00f3n y/o persistencia que podr\u00eda ejecutar un programa malicioso cada vez que el servicio sea iniciado."}], "id": "CVE-2019-15628", "lastModified": "2019-12-13T19:50:22.973", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-02T16:15:12.127", "references": [{"source": "security@trendmicro.com", "tags": ["Vendor Advisory"], "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124011.aspx"}, {"source": "security@trendmicro.com", "tags": ["Third Party Advisory"], "url": "https://safebreach.com/Post/Trend-Micro-Security-16-DLL-Search-Order-Hijacking-and-Potential-Abuses-CVE-2019-15628"}], "sourceIdentifier": "security@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}]}