Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for antivirus\+_2020 by trendmicro

    CVE-2020-25775 (GCVE-0-2020-25775)

    Vulnerability from nvd – Published: 2020-09-28 23:30 – Updated: 2024-08-04 15:40
    VLAI
    Summary
    The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.
    Severity
    No CVSS data available.
    CWE
    • Security Race Condition Arbitrary File Deletion
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:40:36.947Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Security (Consumer)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2020 (v16)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Race Condition Arbitrary File Deletion",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-30T16:28:11.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-25775",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Security (Consumer)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2020 (v16)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Security Race Condition Arbitrary File Deletion"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-25775",
        "datePublished": "2020-09-28T23:30:45.000Z",
        "dateReserved": "2020-09-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:40:36.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-15603 (GCVE-0-2020-15603)

    Vulnerability from nvd – Published: 2020-07-15 19:15 – Updated: 2024-08-04 13:22
    VLAI
    Summary
    An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash.
    Severity
    No CVSS data available.
    CWE
    • Invalid Memory Read
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:22:30.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Security (Consumer)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2020 (v16)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products\u0027 driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Invalid Memory Read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-15T19:15:16.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-15603",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Security (Consumer)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2020 (v16)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products\u0027 driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Invalid Memory Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-15603",
        "datePublished": "2020-07-15T19:15:16.000Z",
        "dateReserved": "2020-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:22:30.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-15602 (GCVE-0-2020-15602)

    Vulnerability from nvd – Published: 2020-07-15 19:15 – Updated: 2024-08-04 13:22
    VLAI
    Summary
    An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device.
    Severity
    No CVSS data available.
    CWE
    • Untrusted Search Patch RCE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:22:29.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Security (Consumer)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2020 (v16)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted Search Patch RCE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-15T19:15:15.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-15602",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Security (Consumer)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2020 (v16)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted Search Patch RCE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-15602",
        "datePublished": "2020-07-15T19:15:15.000Z",
        "dateReserved": "2020-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:22:29.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-25775 (GCVE-0-2020-25775)

    Vulnerability from cvelistv5 – Published: 2020-09-28 23:30 – Updated: 2024-08-04 15:40
    VLAI
    Summary
    The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.
    Severity
    No CVSS data available.
    CWE
    • Security Race Condition Arbitrary File Deletion
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:40:36.947Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Security (Consumer)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2020 (v16)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Security Race Condition Arbitrary File Deletion",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-30T16:28:11.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-25775",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Security (Consumer)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2020 (v16)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product\u0027s secure erase feature to delete files with a higher set of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Security Race Condition Arbitrary File Deletion"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09909"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1227/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-25775",
        "datePublished": "2020-09-28T23:30:45.000Z",
        "dateReserved": "2020-09-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:40:36.947Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-15603 (GCVE-0-2020-15603)

    Vulnerability from cvelistv5 – Published: 2020-07-15 19:15 – Updated: 2024-08-04 13:22
    VLAI
    Summary
    An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash.
    Severity
    No CVSS data available.
    CWE
    • Invalid Memory Read
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:22:30.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Security (Consumer)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2020 (v16)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products\u0027 driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Invalid Memory Read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-15T19:15:16.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-15603",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Security (Consumer)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2020 (v16)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products\u0027 driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Invalid Memory Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09645"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-15603",
        "datePublished": "2020-07-15T19:15:16.000Z",
        "dateReserved": "2020-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:22:30.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-15602 (GCVE-0-2020-15602)

    Vulnerability from cvelistv5 – Published: 2020-07-15 19:15 – Updated: 2024-08-04 13:22
    VLAI
    Summary
    An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device.
    Severity
    No CVSS data available.
    CWE
    • Untrusted Search Patch RCE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:22:29.985Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Trend Micro Security (Consumer)",
              "vendor": "Trend Micro",
              "versions": [
                {
                  "status": "affected",
                  "version": "2020 (v16)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Untrusted Search Patch RCE",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-15T19:15:15.000Z",
            "orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
            "shortName": "trendmicro"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@trendmicro.com",
              "ID": "CVE-2020-15602",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Trend Micro Security (Consumer)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2020 (v16)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Trend Micro"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerbaility in that the target must open a malicious directory or device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Untrusted Search Patch RCE"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644",
                  "refsource": "MISC",
                  "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09644"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
        "assignerShortName": "trendmicro",
        "cveId": "CVE-2020-15602",
        "datePublished": "2020-07-15T19:15:15.000Z",
        "dateReserved": "2020-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:22:29.985Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }