CVE-2019-14688
First published: Thu Feb 20 2020(Updated: )
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trendmicro Control Manager | =7.0 | |
| Trendmicro Endpoint Sensor | =1.6 | |
| Trendmicro Im Security | =1.6.5 | |
| Trendmicro Mobile Security | =9.8 | |
| Trendmicro Officescan | =xg | |
| Trendmicro Scanmail | =14.0 | |
| Trendmicro Security | =2019 | |
| Trendmicro Serverprotect | =5.8 | |
| Trendmicro Serverprotect | =5.8 | |
| Trendmicro Serverprotect | =5.8 | |
| Trendmicro Serverprotect | =6.0 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14688?
CVE-2019-14688 is a DLL hijack vulnerability found in several Trend Micro products during the new product installation.
Which products are affected by CVE-2019-14688?
The following Trend Micro products are affected by CVE-2019-14688: Trendmicro Control Manager 7.0, Trendmicro Endpoint Sensor 1.6, Trend Micro IM Security 1.6.5, Trendmicro Mobile Security 9.8, Trendmicro Officescan XG, Trendmicro Scanmail 14.0, Trendmicro Security 2019, Trendmicro Serverprotect 5.8 (EMC, Netware, Windows), and Trendmicro Serverprotect 6.0 (Storage).
What is the severity of CVE-2019-14688?
CVE-2019-14688 has a high severity rating of 7 out of 10.
How can CVE-2019-14688 be exploited?
CVE-2019-14688 can be exploited during the installation of new Trend Micro products.
Is Microsoft Windows vulnerable to CVE-2019-14688?
No, Microsoft Windows is not vulnerable to CVE-2019-14688.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/trendmicro
- canonical/trendmicro control manager
- version/trendmicro control manager/7.0
- canonical/trendmicro endpoint sensor
- version/trendmicro endpoint sensor/1.6
- canonical/trendmicro im security
- version/trendmicro im security/1.6.5
- canonical/trendmicro mobile security
- version/trendmicro mobile security/9.8
- canonical/trendmicro officescan
- version/trendmicro officescan/xg
- canonical/trendmicro scanmail
- version/trendmicro scanmail/14.0
- canonical/trendmicro security
- version/trendmicro security/2019
- canonical/trendmicro serverprotect
- version/trendmicro serverprotect/5.8
- version/trendmicro serverprotect/6.0
- vendor/microsoft
- canonical/microsoft windows