CVE-2019-9491

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
trendmicroCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
trendmicroanti-threat_toolkit
𝑥
≤ 1.62.0.1218
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txt
http://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.html
http://seclists.org/fulldisclosure/2019/Oct/42
http://seclists.org/fulldisclosure/2020/Jan/50
https://seclists.org/bugtraq/2019/Oct/30
https://seclists.org/bugtraq/2020/Jan/55
https://success.trendmicro.com/solution/000149878
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txt
http://packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.html
http://seclists.org/fulldisclosure/2019/Oct/42
http://seclists.org/fulldisclosure/2020/Jan/50
https://seclists.org/bugtraq/2019/Oct/30
https://seclists.org/bugtraq/2020/Jan/55
https://success.trendmicro.com/solution/000149878