CVE-2019-14688

HIGH Year: 2019
CVSS v3 Score
7.0
High
CVSS v2 Score
5.1
Medium
Weakness Type
CWE-427
View all →

Vulnerability Description

Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.

Related Vulnerabilities

CVE-2017-5176

HIGH
CVSS:7.0(High)

A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench (CCW). The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and ear...

CWE-4272017

CVE-2017-6051

HIGH
CVSS:7.0(High)

An Uncontrolled Search Path Element issue was discovered in BLF-Tech LLC VisualView HMI Version 9.9.14.0 and prior. The uncontrolled search path element vulnerability has been identified, which may al...

CWE-4272017

CVE-2017-9661

HIGH
CVSS:7.0(High)

An Uncontrolled Search Path Element issue was discovered in SIMPlight SCADA Software version 4.3.0.27 and prior. The uncontrolled search path element vulnerability has been identified, which may allow...

CWE-4272017

CVE-2018-5457

HIGH
CVSS:7.0(High)

A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vul...

CWE-4272018

CVE-2019-19235

HIGH
CVSS:7.0(High)

AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular pat...

CWE-4272019

CVE-2020-24440

HIGH
CVSS:7.0(High)

Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user. Exploitation of this issu...

CWE-4272020