CVE-2019-14684
First published: Tue Aug 20 2019(Updated: )
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trendmicro Password Manager | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-14684?
CVE-2019-14684 is rated as a high severity vulnerability due to its potential to allow arbitrary DLL loading.
How do I fix CVE-2019-14684?
To fix CVE-2019-14684, update Trend Micro Password Manager to the latest version that addresses this vulnerability.
What software is affected by CVE-2019-14684?
CVE-2019-14684 affects Trend Micro Password Manager version 5.0.
Can CVE-2019-14684 be exploited remotely?
CVE-2019-14684 requires local access to exploit, as it involves DLL hijacking within the service's process.
What should I do if I can't update Trend Micro Password Manager to fix CVE-2019-14684?
If you cannot update, consider disabling the service or implementing strict access controls to mitigate the risk of CVE-2019-14684.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/trendmicro
- canonical/trendmicro password manager
- version/trendmicro password manager/5.0