CVE-2022-26319
6.5MEDIUM
Key Information:
- Vendor
- Trend Micro
- Vendor
- CVE Published:
- 8 March 2022
Summary
An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
Affected Version(s)
Trend Micro Portable Security 3.0 (Pro), 3.0, 2.0
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved