Primary

Context

Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability

Vulnerability

Patched

A link following local privilege escalation vulnerability has been identified in Trend Micro Maximum Security version 17.8. This vulnerability allows local attackers to unintentionally delete privileged Trend Micro files, including those belonging to the application itself. The issue arises within the Platinum Host Service, where symbolic links can be created to manipulate the service into deleting files. Exploiting this vulnerability could enable attackers to escalate privileges and execute arbitrary code with SYSTEM rights.

Impact

Exploitation of this vulnerability allows local attackers to escalate privileges, potentially leading to the execution of arbitrary code in the context of the SYSTEM user.

Remediation

Trend Micro has released a patch for this vulnerability in version 17.8.1464 of Maximum Security. Users are advised to update to this version.

Added: Jun 17, 2025, 9:27 PM

Updated: Jun 17, 2025, 9:27 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

2.9

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

2.9

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Trend Micro Maximum Security

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating