CVE-2019-9491

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Anti-threat Toolkit (attk)
Vendor: CVE Published:; 21 October 2019

Summary

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.

Affected Version(s)

Trend Micro Anti-Threat Toolkit (ATTK) Version 1.62.0.1218 and below

References

https://success.trendmicro.com/solution/000149878

x_refsource_MISC

http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-AN...

x_refsource_MISC

https://seclists.org/bugtraq/2019/Oct/30

mailing-listx_refsource_BUGTRAQ

EPSS Score

14% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 21, 2019
Vulnerability Reserved
Mar 1, 2019