Remote Code Execution Vulnerability in Trend Micro Security Products

CVE-2020-15602

Summary

An untrusted search path vulnerability exists in the Trend Micro Security 2020 product line, allowing attackers to execute arbitrary code on affected systems. This vulnerability arises when the Trend Micro installer attempts to load dynamic link library (DLL) files from its own directory. If the installer is executed with administrator privileges, it becomes susceptible to exploitation when the user opens a malicious directory or device. For a successful attack, user interaction is required, making this a significant concern for potential risk exposure.

References