A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
The vulnerability results from improper use of the LoadLibraryEX function, which can be exploited to load an attacker's DLL library into a privileged application process. The vulnerability is related to a buffer overflow error (CWE-120), authentication mechanism bypass (CWE-290), and lack of data origin verification (CWE-346). The attacker does not need any credentials or user interaction — network access to the vulnerable installation is sufficient.
An attacker gains the ability to execute arbitrary code in the context of the SYSTEM account, which means complete takeover of the operating system, including access to all data, ability to install software, create administrative accounts, or perform lateral movement within the network.
Apply patches available from the vendor according to references published by Trend Micro at https://success.trendmicro.com/en-US/solution/KA-0022071. Until the fix is deployed, it is recommended to restrict network access to the Apex Central console exclusively to trusted hosts and network segments.
Trend Micro Apex Central installed on Microsoft Windows platform — specific versions indicated in vendor references (https://success.trendmicro.com/en-US/solution/KA-0022071)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows
OSMicrosoftwszystkie wersjeTrendmicro Apex Central
APPTrendmicro2019
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit