The security expert and bug-hunter John “hyp3rlinx” Page discovered an arbitrary code execution vulnerability, tracked as CVE-2019-9491, in the Trend Micro Anti-Threat Toolkit.
Trend Micro ATTK allows analyzing malware issues and clean infections. It can be used to perform system forensic scans and clean various types of infections.
The vulnerability could be exploited by attackers to run malware on target Windows computers.
“Trend Micro Anti-Threat Toolkit (ATTK) will load and execute arbitrary .EXE files if a malware author happens to use the vulnerable naming convention of “
The expert discovered that is possible to trick the Trend Micro Anti-Threat Toolkit into executing any malicious code when it is named “cmd.exe” or “regedit.exe.”
An attacker that is able to save a malicious file with the above
Below a video proof of concept of the attack:
The expert also published a PoC exploit code in the advisory.
Below the vulnerability timeline:
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.