exploit the possibilities
Showing 1 - 1 of 1 RSS Feed

CVE-2019-14685

Status Candidate

Overview

A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service.

Related Files

Trend Maximum Security 2019 Unquoted Search Path
Posted Aug 24, 2019
Authored by Silton Santos

Trend Maximum Security 2019 suffers from an unquoted search path vulnerability. This application provides an unquoted path in the parameter lpApplicationName of the function CreateProcessW during process create PwmConsole.exe --- which is triggered from the feature PC Health Checkup. If an attacker has write permissions to C:\ or C:\Program Files\, it could deliver an arbitrary executable named Program.exe or Trend.exe which would be executed by the coreServiceShell process. coreServiceShell is a privileged process that will run Program.exe with same privilege.

tags | advisory, arbitrary
advisories | CVE-2019-14685
MD5 | bbe0cfc27ac89fd49ed6a2d8487c2970
Page 1 of 1
Back1Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    26 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    2 Files
  • 9
    May 9th
    2 Files
  • 10
    May 10th
    13 Files
  • 11
    May 11th
    17 Files
  • 12
    May 12th
    22 Files
  • 13
    May 13th
    11 Files
  • 14
    May 14th
    9 Files
  • 15
    May 15th
    2 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    21 Files
  • 18
    May 18th
    17 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close