DLL Side-Loading Vulnerability in Trend Micro OfficeScan [CVE-2019-9492]
Trend Micro OfficeScan could allow a local authenticated attacker to execute arbitrary code on the system, caused by the loading of dynamic-linked libraries in an insecure manner. By placing a specially-crafted .DLL file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.
However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.
Trend Micro has released new patches for Trend Micro OfficeScan. These patches resolve a DLL side-loading vulnerability in the product.
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.