CVE-2019-14686 — HIGH (7.8)

Vulnerability Description

A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Trendmicro	Antivirus \+ Security 2019	15.0
Trendmicro	Internet Security 2019	15.0
Trendmicro	Maximum Security 2019	15.0
Trendmicro	Premium Security 2019	15.0
Trendmicro	Ransom Buster	1.0
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-427

References

https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspxVendor Advisory
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123421.aspxVendor Advisory

FAQ

What is CVE-2019-14686?

CVE-2019-14686 is a vulnerability with a CVSS score of 7.8 (HIGH). A DLL hijacking vulnerability exists in the Trend Micro Security's 2019 consumer family of products (v15) Folder Shield component and the standalone Trend Micro Ransom Buster (1.0) tool in which, if e...

How severe is CVE-2019-14686?

CVE-2019-14686 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14686?

Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Antivirus \+ Security 2019, Trendmicro Internet Security 2019, Trendmicro Maximum Security 2019, Trendmicro Premium Security 2019, Trendmicro Ransom Buster.