OpenCVE

Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Trendmicro	Antivirus\+ Security 2021 Antivirus\+ Security 2022 Antivirus\+ Security 2023 Internet Security 2021 Internet Security 2022 Internet Security 2023 Maximum Security 2021 Maximum Security 2022 Maximum Security 2023 Premium Security 2021 Premium Security 2022 Premium Security 2023

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:trendmicro:antivirus\+_security_2021::::::::
	cpe:2.3:a:trendmicro:internet_security_2021::::::::
	cpe:2.3:a:trendmicro:maximum_security_2021::::::::
	cpe:2.3:a:trendmicro:premium_security_2021::::::::

Configuration 2 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:trendmicro:antivirus\+_security_2022::::::::
	cpe:2.3:a:trendmicro:internet_security_2022::::::::
	cpe:2.3:a:trendmicro:maximum_security_2022::::::::
	cpe:2.3:a:trendmicro:premium_security_2022::::::::

Configuration 3 [-]

AND

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:trendmicro:antivirus\+_security_2023::::::::
	cpe:2.3:a:trendmicro:internet_security_2023::::::::
	cpe:2.3:a:trendmicro:maximum_security_2023::::::::
	cpe:2.3:a:trendmicro:premium_security_2023::::::::

No data.

References

Link	Providers
https://helpcenter.trendmicro.com/en-us/article/tmka-19062

History

No history.

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2023-06-26T21:52:22.423Z

Updated: 2024-08-02T13:51:38.989Z

Reserved: 2023-03-27T22:16:25.202Z

Link: CVE-2023-28929

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-26T22:15:09.733

Modified: 2023-07-07T14:12:11.360

Link: CVE-2023-28929

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object