CVE-2023-28929 - Vulnerability Details

Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Microsoft	Windows
Trend Micro Inc	Trend Micro Security
Trendmicro	Antivirus\+ Security 2021 Antivirus\+ Security 2022 Antivirus\+ Security 2023 Internet Security 2021 Internet Security 2022 Internet Security 2023 Maximum Security 2021 Maximum Security 2022 Maximum Security 2023 Premium Security 2021 Premium Security 2022 Premium Security 2023

Configuration 1 [-]

AND

OR	cpe:2.3:a:trendmicro:antivirus\+_security_2021::::::::
	cpe:2.3:a:trendmicro:internet_security_2021::::::::
	cpe:2.3:a:trendmicro:maximum_security_2021::::::::
	cpe:2.3:a:trendmicro:premium_security_2021::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:trendmicro:antivirus\+_security_2022::::::::
	cpe:2.3:a:trendmicro:internet_security_2022::::::::
	cpe:2.3:a:trendmicro:maximum_security_2022::::::::
	cpe:2.3:a:trendmicro:premium_security_2022::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:a:trendmicro:antivirus\+_security_2023::::::::
	cpe:2.3:a:trendmicro:internet_security_2023::::::::
	cpe:2.3:a:trendmicro:maximum_security_2023::::::::
	cpe:2.3:a:trendmicro:premium_security_2023::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://helpcenter.trendmicro.com/en-us/article/tmka-19062

History

Thu, 05 Dec 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Trend Micro Inc Trend Micro Inc trend Micro Security
CPEs		cpe:2.3:a:trend_micro_inc:trend_micro_security::::::::
Vendors & Products		Trend Micro Inc Trend Micro Inc trend Micro Security
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: trendmicro

Published: 2023-06-26T21:52:22.423Z

Updated: 2024-12-05T15:46:07.827Z

Reserved: 2023-03-27T22:16:25.202Z

Link: CVE-2023-28929

Vulnrichment

Updated: 2024-08-02T13:51:38.989Z

NVD

Status : Modified

Published: 2023-06-26T22:15:09.733

Modified: 2024-11-21T07:56:14.880

Link: CVE-2023-28929

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object