ATTK of the Pwns: Trend Micro's antivirus tools 'will run malware – if its filename is cmd.exe' | WHAT REALLY HAPPENED

ATTK of the Pwns: Trend Micro's antivirus tools 'will run malware – if its filename is cmd.exe'

A flaw in the Trend Micro Anti-Threat Toolkit can be exploited by hackers to run malware on victims' Windows computers.

Bug-hunter John "hyp3rlinx" Page took credit for uncovering CVE-2019-9491, an arbitrary code execution flaw in the security tool.

In short, the Trend software can be tricked into executing any old piece of software under the sun, including malware, when it is scanned, provided the filename is cmd.exe or regedit.exe. No, really.

Comments

SHARE THIS ARTICLE WITH YOUR SOCIAL MEDIA