ATTK of the Pwns: Trend Micro's antivirus tools 'will run malware – if its filename is cmd.exe'

Solarquest

Try not to save files to your Windows PC called cmd.exe or regedit.exe

A flaw in the Trend Micro Anti-Threat Toolkit can be exploited by hackers to run malware on victims' Windows computers.

Bug-hunter John "hyp3rlinx" Page took credit for uncovering CVE-2019-9491, an arbitrary code execution flaw in the security tool.
In short, the Trend software can be tricked into executing any old piece of software under the sun, including malware, when it is scanned, provided the filename is cmd.exe or regedit.exe. No, really.

"Trend Micro Anti-Threat Toolkit (ATTK) will load and execute arbitrary .EXE files if a malware author happens to use the vulnerable naming convention of 'cmd.exe' or 'regedit.exe'," hyp3rlinx explained on Saturday.

"And the malware can be placed in the vicinity of the ATTK when a scan is launched by the end user."
...
...
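A pre-scan check a defender could run on the folder a toolkit will be launched from, flagging files that use the two names the article calls out. This is an added example, not part of the original post, the article or any Trend Micro tooling; it assumes "in the vicinity" means the launch directory, and the function names and the sample filename `attk_tool.exe` are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

# Filenames the article says ATTK will execute if found near it.
RISKY_NAMES = {"cmd.exe", "regedit.exe"}


def find_lookalikes(tool_dir, trusted_dirs=()):
    """Return (path, sha256) for files in tool_dir that use a risky name.

    Assumption: "in the vicinity" means the directory the toolkit is
    launched from. trusted_dirs lists directories (for example the Windows
    system directory) where these names are expected; those are skipped.
    """
    tool_dir = Path(tool_dir).resolve()
    trusted = {Path(d).resolve() for d in trusted_dirs}
    if tool_dir in trusted:
        return []
    hits = []
    for entry in sorted(tool_dir.iterdir()):
        # Windows filenames are case-insensitive, so compare lowercased.
        if entry.is_file() and entry.name.lower() in RISKY_NAMES:
            digest = hashlib.sha256(entry.read_bytes()).hexdigest()
            hits.append((str(entry), digest))
    return hits


def demo():
    """Constructed sample: a download folder holding one planted name."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("attk_tool.exe", "CMD.EXE", "notes.txt"):
            Path(d, name).write_bytes(b"constructed sample bytes")
        return [Path(p).name for p, _ in find_lookalikes(d)]


if __name__ == "__main__":
    print(demo())
```

Any hit is worth triaging before the scan is started; the SHA-256 lets the file be compared against the copy in the Windows system directory or looked up elsewhere.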
 
