CVE-2023-28929

Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://helpcenter.trendmicro.com/en-us/article/tmka-19062	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:trendmicro:antivirus\+_security_2021::::::::
	cpe:2.3:a:trendmicro:internet_security_2021::::::::
	cpe:2.3:a:trendmicro:maximum_security_2021::::::::
	cpe:2.3:a:trendmicro:premium_security_2021::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:trendmicro:antivirus\+_security_2022::::::::
	cpe:2.3:a:trendmicro:internet_security_2022::::::::
	cpe:2.3:a:trendmicro:maximum_security_2022::::::::
	cpe:2.3:a:trendmicro:premium_security_2022::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:trendmicro:antivirus\+_security_2023::::::::
	cpe:2.3:a:trendmicro:internet_security_2023::::::::
	cpe:2.3:a:trendmicro:maximum_security_2023::::::::
	cpe:2.3:a:trendmicro:premium_security_2023::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

07 Jul 2023, 14:12

Type	Values Removed	Values Added
CWE		CWE-427
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~(MISC) https://helpcenter.trendmicro.com/en-us/article/tmka-19062 -~~	(MISC) https://helpcenter.trendmicro.com/en-us/article/tmka-19062 - Vendor Advisory
CPE		cpe:2.3:a:trendmicro:internet_security_2021:::::::: cpe:2.3:a:trendmicro:internet_security_2022:::::::: cpe:2.3:a:trendmicro:antivirus\+_security_2023:::::::: cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:trendmicro:antivirus\+_security_2021:::::::: cpe:2.3:a:trendmicro:maximum_security_2021:::::::: cpe:2.3:a:trendmicro:premium_security_2021:::::::: cpe:2.3:a:trendmicro:antivirus\+_security_2022:::::::: cpe:2.3:a:trendmicro:maximum_security_2023:::::::: cpe:2.3:a:trendmicro:internet_security_2023:::::::: cpe:2.3:a:trendmicro:premium_security_2023:::::::: cpe:2.3:a:trendmicro:maximum_security_2022:::::::: cpe:2.3:a:trendmicro:premium_security_2022::::::::
First Time		Trendmicro maximum Security 2023 Trendmicro maximum Security 2022 Trendmicro internet Security 2022 Trendmicro antivirus\+ Security 2023 Microsoft Microsoft windows Trendmicro antivirus\+ Security 2022 Trendmicro maximum Security 2021 Trendmicro premium Security 2021 Trendmicro premium Security 2023 Trendmicro Trendmicro internet Security 2021 Trendmicro internet Security 2023 Trendmicro antivirus\+ Security 2021 Trendmicro premium Security 2022

26 Jun 2023, 22:22

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-06-26 22:15

Updated : 2023-07-07 14:12

NVD link : CVE-2023-28929

Mitre link : CVE-2023-28929

JSON object : View

Products Affected

trendmicro

antivirus\+_security_2021
antivirus\+_security_2022
maximum_security_2022
premium_security_2021
internet_security_2021
antivirus\+_security_2023
internet_security_2023
premium_security_2023
maximum_security_2023
maximum_security_2021
internet_security_2022
premium_security_2022

microsoft

windows

CWE

CWE-427

Uncontrolled Search Path Element

7.8 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2023-28929

7.8^/10

Attach tags to `CVE-2023-28929`