CVE-2019-14684 and 14687 from Trend Micro

CVE-2019-14684 and 14687 from Trend Micro on 08192019
2025-06-08 05:58:08 +00:00 · 2019-08-19 13:34:37 -07:00 · 2019-08-19 13:34:37 -07:00 · d2c595b2e6
commit d2c595b2e6
parent a1be8c3a74
2 changed files with 126 additions and 0 deletions
--- a/2019/14xxx/CVE-2019-14684.json
+++ b/2019/14xxx/CVE-2019-14684.json
@ -0,0 +1,63 @@
+{
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2019-14684",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Password Manager",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (5.0)"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.  This process is very similar, yet not identical to CVE-2019-14687."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "DLL Hijacking"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx"
+			},
+			{
+				"url" : "https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM"
+			}
+		]
+	}
+}
--- a/2019/14xxx/CVE-2019-14687.json
+++ b/2019/14xxx/CVE-2019-14687.json
@ -0,0 +1,63 @@
+{
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2019-14687",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro Password Manager",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "2019 (5.0)"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process.  This process is very similar, yet not identical to CVE-2019-14684."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "DLL Hijacking"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx"
+			},
+			{
+				"url" : "https://medium.com/@infiniti_css/fa839acaad59"
+			}
+		]
+	}
+}