Vulnerability Description
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Control Manager | 7.0 |
| Trendmicro | Endpoint Sensor | 1.6 |
| Trendmicro | Im Security | 1.6.5 |
| Trendmicro | Mobile Security | 9.8 |
| Trendmicro | Officescan | xg |
| Trendmicro | Scanmail | 14.0 |
| Trendmicro | Security | 2019 |
| Trendmicro | Serverprotect | 5.8 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://success.trendmicro.com/solution/1123562Vendor Advisory
- https://success.trendmicro.com/solution/1123562Vendor Advisory
FAQ
What is CVE-2019-14688?
CVE-2019-14688 is a vulnerability with a CVSS score of 7.0 (HIGH). Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a n...
How severe is CVE-2019-14688?
CVE-2019-14688 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14688?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Control Manager, Trendmicro Endpoint Sensor, Trendmicro Im Security, Trendmicro Mobile Security, Trendmicro Officescan.