Trend Micro Apex Central LoadLibraryEX Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Trend Micro Apex Central (on-premise) versions prior to Build 7190. This vulnerability allows an unauthenticated remote attacker to load a malicious DLL into a critical executable, MsgReceiver.exe, which runs with SYSTEM privileges. The issue arises from improper validation of user-supplied data, enabling the execution of arbitrary code under the context of the system user.

Impact

Exploitation of this vulnerability allows for unauthorized remote code execution with SYSTEM privileges on the affected machine.

Reproduction

The vulnerability can be reproduced by sending a crafted message to MsgReceiver.exe, which listens on TCP port 20001. The message must include the name of the DLL to be loaded, which can be hosted on an unauthenticated Samba share. Once the message is received, the specified DLL is loaded into the process, executing the embedded code with elevated privileges.

Remediation

Users are advised to update to Trend Micro Apex Central Critical Patch Build 7190 or later.
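A defender-side check for the behaviour described under Reproduction, as an added example that is not part of the original advisory: it scans Sysmon image-load events (Event ID 7) for MsgReceiver.exe loading a DLL from a network (UNC) path. It assumes Sysmon image-load logging is enabled and exported as XML; the sample events, host name, install path and share address are constructed placeholders.

```python
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TARGET = "msgreceiver.exe"  # process named in the advisory, matched by file name
MSG = r"C:\Example\MsgReceiver.exe"  # placeholder install path (assumption)

def _event(image, loaded):
    """Build one constructed Sysmon-style Event ID 7 (image load) record."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>7</EventID>'
            f'<Computer>apex01.example.test</Computer></System><EventData>'
            f'<Data Name="Image">{image}</Data>'
            f'<Data Name="ImageLoaded">{loaded}</Data></EventData></Event>')

# Constructed sample input, not real telemetry.
SAMPLE = "<Events>" + "".join([
    _event(MSG, r"C:\Windows\System32\ws2_32.dll"),            # local, benign
    _event(MSG, r"\\192.0.2.10\share\example.dll"),            # UNC load
    _event(MSG, r"\\?\UNC\192.0.2.10\share\example.dll"),      # long-form UNC
    _event(MSG, r"\\?\C:\Example\local.dll"),                  # device path, local
    _event(r"C:\Windows\explorer.exe", r"\\192.0.2.10\share\example.dll"),
]) + "</Events>"

def is_remote_path(path):
    """True for UNC paths; False for drive paths and local device paths."""
    p = path.replace("/", "\\").lower()
    if p.startswith("\\\\?\\unc\\"):          # \\?\UNC\host\share\...
        return True
    if p.startswith(("\\\\?\\", "\\\\.\\")):  # \\?\C:\... or \\.\device
        return False
    return p.startswith("\\\\")               # \\host\share\...

def find_remote_loads(xml_text):
    """Return (computer, dll_path) for each remote DLL loaded by TARGET."""
    hits = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "7":
            continue
        data = {d.get("Name"): d.text or ""
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        image = ntpath.basename(data.get("Image", "")).lower()
        if image == TARGET and is_remote_path(data.get("ImageLoaded", "")):
            host = ev.findtext("e:System/e:Computer", default="", namespaces=NS)
            hits.append((host, data["ImageLoaded"]))
    return hits

if __name__ == "__main__":
    for host, dll in find_remote_loads(SAMPLE):
        print(f"ALERT {host}: {TARGET} loaded remote image {dll}")
```

Any hit warrants investigation regardless of patch level, since a service running as SYSTEM has no routine reason to load code from a network share.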

Added: Jan 8, 2026, 1:20 PM
Updated: Jan 8, 2026, 6:54 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 10.0
exploitability: 9.1
remediation: 7.7
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.