Installer Package Vulnerability in Trend Micro Security 2020
CVE-2020-27697

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Security (consumer)
Vendor: CVE Published:; 18 November 2020

Summary

The installer package of Trend Micro Security 2020 contains a vulnerability that can be exploited via a symlink attack. By placing a malicious DLL file in an unsecured location, attackers can gain high-level privileges during the installation process. This can result in unauthorized access and potential compromise of the system. It is crucial for users to ensure that the installation process is conducted in a secure environment to mitigate the risk of such vulnerabilities.

Affected Version(s)

Trend Micro Security (Consumer) 2020 (v16)

References

https://helpcenter.trendmicro.com/en-us/article/TMKA-10036

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2020
Vulnerability Reserved
Oct 26, 2020