Installer Package Vulnerability in Trend Micro Security 2020
CVE-2020-27695

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Security (consumer)
Vendor: CVE Published:; 18 November 2020

Summary

A vulnerability exists in the installer package of Trend Micro Security 2020 that allows an attacker to place a malicious DLL file in a local directory. During installation, this can result in unauthorized administrative privileges being obtained by the attacker. This exploit poses significant risks as it can lead to full control over the compromised system.

Affected Version(s)

Trend Micro Security (Consumer) 2020 (v16)

References

https://helpcenter.trendmicro.com/en-us/article/TMKA-10036

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2020
Vulnerability Reserved
Oct 26, 2020