CVE-2019-9492

Description

A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system.

Affected products

• Trend Micro / Trend Micro OfficeScan11.0 SP1, XG (12.0) – 11.0 SP1, XG (12.0)

References

• MISChttps://www.nsslabs.com/blog-posts/2019/7/24/your-advanced-endpoint-protection-aep-product-protects-your-computer-but-can-it-protect-itself
• MISChttps://success.trendmicro.com/solution/1123045