Vulnerability Description
An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Antivirus\+ 2020 | <= 16.0.1146 |
| Trendmicro | Internet Security 2020 | <= 16.0.1146 |
| Trendmicro | Maximum Security 2020 | <= 16.0.1146 |
| Trendmicro | Premium Security 2020 | <= 16.0.1146 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://helpcenter.trendmicro.com/en-us/article/TMKA-09644Vendor Advisory
- https://helpcenter.trendmicro.com/en-us/article/TMKA-09644Vendor Advisory
FAQ
What is CVE-2020-15602?
CVE-2020-15602 is a vulnerability with a CVSS score of 7.8 (HIGH). An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on...
How severe is CVE-2020-15602?
CVE-2020-15602 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15602?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Antivirus\+ 2020, Trendmicro Internet Security 2020, Trendmicro Maximum Security 2020, Trendmicro Premium Security 2020, Microsoft Windows.