Arbitrary Remote Code Execution Vulnerability in Trend Micro Anti-Threat Toolkit
CVE-2019-20358

7.8HIGH

Key Information:

Vendor
Trend Micro
Status
Trend Micro Anti-threat Toolkit (attk)
Vendor
CVE Published:
30 January 2020

Summary

The vulnerability in Trend Micro Anti-Threat Toolkit versions 1.62.0.1218 and earlier allows attackers to place malicious files in the same directory as the tool, which may result in arbitrary remote code execution if these files are executed. This flaw presents a significant risk to users, as it may facilitate unauthorized access and control over the affected system. A similar vulnerability was identified and rectified in version 1.62.0.1228.

Affected Version(s)

Trend Micro Anti-Threat Toolkit (ATTK) Version 1.62.0.1218 and below

References

https://success.trendmicro.com/solution/000149878
x_refsource_MISC
https://seclists.org/bugtraq/2020/Jan/55
x_refsource_MISC
http://seclists.org/fulldisclosure/2020/Jan/50
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.