Vulnerabilities > Trendmicro > Maximum Security 2022

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-28929 Uncontrolled Search Path Element vulnerability in Trendmicro products
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
local
low complexity
trendmicro CWE-427
7.8
2023-01-20 CVE-2022-48191 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Trendmicro Maximum Security 2022 17.7
A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.
local
high complexity
trendmicro CWE-367
7.0
2022-05-27 CVE-2022-30687 Link Following vulnerability in Trendmicro Maximum Security 2022 17.7
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files.
local
low complexity
trendmicro CWE-59
6.6