Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
References
| Link | Resource |
|---|---|
| http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txt | |
| http://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.html | Exploit Third Party Advisory VDB Entry |
| http://seclists.org/fulldisclosure/2019/Oct/42 | Exploit Mailing List Third Party Advisory |
| http://seclists.org/fulldisclosure/2020/Jan/50 | Exploit Mailing List Third Party Advisory |
| https://seclists.org/bugtraq/2019/Oct/30 | Exploit Mailing List Third Party Advisory |
| https://seclists.org/bugtraq/2020/Jan/55 | Exploit Mailing List Third Party Advisory |
| https://success.trendmicro.com/solution/000149878 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
01 Jan 2022, 20:11
| Type | Values Removed | Values Added |
|---|---|---|
| References | (BUGTRAQ) https://seclists.org/bugtraq/2020/Jan/55 - Exploit, Mailing List, Third Party Advisory | |
| References | (MISC) http://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.html - Exploit, Third Party Advisory, VDB Entry | |
| References | (FULLDISC) http://seclists.org/fulldisclosure/2020/Jan/50 - Exploit, Mailing List, Third Party Advisory | |
| References | (FULLDISC) http://seclists.org/fulldisclosure/2019/Oct/42 - Exploit, Mailing List, Third Party Advisory | |
| CWE | CWE-427 |
Information
Published : 2019-10-21 19:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-9491
Mitre link : CVE-2019-9491
CVE.ORG link : CVE-2019-9491
JSON object : View
Products Affected
microsoft
- windows
trendmicro
- anti-threat_toolkit
CWE
CWE-427
Uncontrolled Search Path Element