CVE-2019-9491
Description
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below load and execute arbitrary .EXE files placed in the same directory, enabling remote code execution.
Vulnerability
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below contain a vulnerability where the tool will load and execute arbitrary .EXE files if they are named cmd.exe or regedit.exe and placed in the same directory as the ATTK executable. The affected components include attk_collector_cli_x64.exe, TrendMicroRansomwareCollector64.r09.exe, and attk_ScanCleanOnline_gui_x64.exe [1].
Exploitation
An attacker must place a malicious executable named cmd.exe or regedit.exe in the directory where the ATTK is run. When a user launches the ATTK, the tool loads and executes the malicious file without any additional user interaction beyond initiating the scan. Because the ATTK is signed by a verified publisher, any Mark-of-the-Web security warnings are bypassed if the malware was downloaded from the internet [1].
Impact
Successful exploitation allows the attacker to achieve arbitrary remote code execution (RCE) with the privileges of the user running the ATTK. The malicious file runs each time the ATTK is executed, providing a persistence mechanism [1].
Mitigation
Trend Micro has updated the ATTK to version 1.62.0.1223, which addresses this vulnerability. Users should upgrade to the latest version. No workarounds are provided for versions below the fix [1].
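A defensive check for the condition described above, added here as an example and not taken from Trend Micro or the cited advisory: it walks a directory tree and reports any folder where one of the ATTK components named on this page sits next to a file called cmd.exe or regedit.exe. The folder layout in `demo()` is constructed, and the script does not read the ATTK version, so a hit is a prompt to inspect the sibling file and upgrade.

```python
import os
import tempfile

# ATTK components named on this page, lowercased (Windows names are case-insensitive).
ATTK_BINARIES = {
    "attk_collector_cli_x64.exe",
    "trendmicroransomwarecollector64.r09.exe",
    "attk_scancleanonline_gui_x64.exe",
}
# Names the affected versions load from their own directory.
PLANTED_NAMES = {"cmd.exe", "regedit.exe"}


def find_planted_siblings(root):
    """Return sorted (attk_path, sibling_path) pairs for every directory under
    root that holds an ATTK binary next to a file named cmd.exe or regedit.exe."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        tools = [f for f in filenames if f.lower() in ATTK_BINARIES]
        planted = [f for f in filenames if f.lower() in PLANTED_NAMES]
        for tool in tools:
            for name in planted:
                findings.append((os.path.join(dirpath, tool),
                                 os.path.join(dirpath, name)))
    return sorted(findings)


def demo():
    """Scan a constructed tree (empty placeholder files, not real binaries)."""
    layout = [
        ("Downloads", "attk_collector_cli_x64.exe"),
        ("Downloads", "CMD.EXE"),  # flagged: sits beside an ATTK binary
        ("Tools", "attk_ScanCleanOnline_gui_x64.exe"),  # clean directory
        ("Other", "regedit.exe"),  # no ATTK binary here, not flagged
    ]
    with tempfile.TemporaryDirectory() as root:
        for folder, name in layout:
            os.makedirs(os.path.join(root, folder), exist_ok=True)
            open(os.path.join(root, folder, name), "wb").close()
        return [(os.path.relpath(a, root), os.path.relpath(b, root))
                for a, b in find_planted_siblings(root)]


if __name__ == "__main__":
    for tool, sibling in demo():
        print(f"REVIEW: {sibling} sits beside {tool}")
```

To scan a real system, call `find_planted_siblings()` on the folders where the toolkit is usually unpacked, such as user download and desktop directories.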
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <=1.62.0.1218
- (no CPE) range: Version 1.62.0.1218 and below
Patches
No patches discovered yet.
References
- hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-%28ATTK%29-REMOTE-CODE-EXECUTION.txt (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/156160/TrendMicro-Anti-Threat-Toolkit-Improper-Fix.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2019/Oct/42 (mitre, mailing-list, x_refsource_FULLDISC)
- seclists.org/fulldisclosure/2020/Jan/50 (mitre, mailing-list, x_refsource_FULLDISC)
- seclists.org/bugtraq/2019/Oct/30 (mitre, mailing-list, x_refsource_BUGTRAQ)
- seclists.org/bugtraq/2020/Jan/55 (mitre, mailing-list, x_refsource_BUGTRAQ)
- success.trendmicro.com/solution/000149878 (mitre, x_refsource_MISC)