Vulnerability Description
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Antivirus\+ Security 2021 | <= 17.0.1412 |
| Trendmicro | Internet Security 2021 | <= 17.0.1412 |
| Trendmicro | Maximum Security 2021 | <= 17.0.1412 |
| Trendmicro | Premium Security 2021 | <= 17.0.1412 |
| Microsoft | Windows | - |
| Trendmicro | Antivirus\+ Security 2022 | <= 17.7.1476 |
| Trendmicro | Internet Security 2022 | <= 17.7.1476 |
| Trendmicro | Maximum Security 2022 | <= 17.7.1476 |
| Trendmicro | Premium Security 2022 | <= 17.7.1476 |
| Trendmicro | Antivirus\+ Security 2023 | <= 17.7.1476 |
| Trendmicro | Internet Security 2023 | <= 17.7.1476 |
| Trendmicro | Maximum Security 2023 | <= 17.7.1476 |
| Trendmicro | Premium Security 2023 | <= 17.7.1476 |
Related Weaknesses (CWE)
References
- https://helpcenter.trendmicro.com/en-us/article/tmka-19062Vendor Advisory
- https://helpcenter.trendmicro.com/en-us/article/tmka-19062Vendor Advisory
FAQ
What is CVE-2023-28929?
CVE-2023-28929 is a vulnerability with a CVSS score of 7.8 (HIGH). Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence ...
How severe is CVE-2023-28929?
CVE-2023-28929 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28929?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Antivirus\+ Security 2021, Trendmicro Internet Security 2021, Trendmicro Maximum Security 2021, Trendmicro Premium Security 2021, Microsoft Windows.