Installer Package Vulnerability in Trend Micro Security 2020
CVE-2020-27697

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Security (consumer)
Vendor: CVE Published:; 18 November 2020

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2020-27697?

The installer package of Trend Micro Security 2020 contains a vulnerability that can be exploited via a symlink attack. By placing a malicious DLL file in an unsecured location, attackers can gain high-level privileges during the installation process. This can result in unauthorized access and potential compromise of the system. It is crucial for users to ensure that the installation process is conducted in a secure environment to mitigate the risk of such vulnerabilities.

Affected Version(s)

Trend Micro Security (Consumer) 2020 (v16)

References

https://helpcenter.trendmicro.com/en-us/article/TMKA-10036

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2020
Vulnerability Reserved
Oct 26, 2020