CVE-2022-26319

Published: Mar 8, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Exploitability: 0.6 / Impact: 5.9

Source: NVD

Description

An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

Affected (3)

Products: Trendmicro: Portable Security

1 product

Portable Security

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Portable Security	From 2.0 to 2.0.8056
Trendmicro Portable Security	From 3.0 to 3.0.5054
Trendmicro Portable Security	From 3.0 to 3.0.5054

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://success.trendmicro.com/solution/000290531

Source: security@trendmicro.com

PatchVendor Advisory

https://success.trendmicro.com/solution/000290531

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.