Trend Maximum Security 2019 suffers from an unquoted search path vulnerability. This application provides an unquoted path in the parameter lpApplicationName of the function CreateProcessW during process create PwmConsole.exe --- which is triggered from the feature PC Health Checkup. If an attacker has write permissions to C:\ or C:\Program Files\, it could deliver an arbitrary executable named Program.exe or Trend.exe which would be executed by the coreServiceShell process. coreServiceShell is a privileged process that will run Program.exe with same privilege.
bbe0cfc27ac89fd49ed6a2d8487c2970BSidesLisbon 2019 has announced its call for papers. It will be held November 28th and 29th at Auditorio FMD-UL.
62258dbe561709971ac43d507871e6dd
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed