A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
References
Link | Resource |
---|---|
https://helpcenter.trendmicro.com/en-us/article/TMKA-10937 | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-22-371/ | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2022-02-23 19:15
Updated : 2022-03-02 19:29
NVD link : CVE-2022-24671
Mitre link : CVE-2022-24671
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
trendmicro
- antivirus