Installer Search Patch Element Vulnerability in Trend Micro Portable Security Products
CVE-2022-26319

6.5MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Portable Security
Vendor: CVE Published:; 8 March 2022

Summary

An installer search patch element vulnerability in Trend Micro Portable Security versions 3.0 Pro, 3.0, and 2.0 allows local attackers to exploit the system. By placing a specially crafted DLL file in the installer directory, an attacker can elevate local privileges. However, to successfully execute this attack, the perpetrator must first gain the ability to run high-privileged code on the affected system. It is essential for users of these products to be aware of this vulnerability and apply any available mitigations to protect their systems.

Affected Version(s)

Trend Micro Portable Security 3.0 (Pro), 3.0, 2.0

References

https://success.trendmicro.com/solution/000290531

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2022
Vulnerability Reserved
Feb 28, 2022