CVE-2020-15602
Description
An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Security 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. As the Trend Micro installer tries to load DLL files from its current directory, an arbitrary DLL could also be loaded with the same privileges as the installer if run as Administrator. User interaction is required to exploit the vulnerability in that the target must open a malicious directory or device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An untrusted search path RCE vulnerability in the Trend Micro Security 2020 installer allows arbitrary code execution if a user opens a malicious directory.
Vulnerability
An untrusted search path remote code execution (RCE) vulnerability exists in the Trend Micro Security 2020 consumer family (v16.0.0.1146 and below). The installer attempts to load DLL files from its current directory, enabling an attacker to place a malicious DLL in that directory to be loaded with the installer's privileges. Affected products include Premium Security, Maximum Security, Internet Security, and Antivirus+.
Exploitation
An attacker must convince a user to open a malicious directory or device containing a crafted DLL file. The user must then run the installer from that directory, or the installer must be executed in a context where it loads DLLs from that untrusted path. User interaction is required.
Impact
Successful exploitation allows the attacker to execute arbitrary code with the same privileges as the installer. If the installer is run as Administrator, the attacker gains full system compromise, including the ability to install programs, view/change/delete data, or create new accounts with full user rights.
Mitigation
Trend Micro has released updated installer builds (v16.0.1373) that resolve this vulnerability. Existing installations are not affected, but customers should update their installers for new installations. The fix is available for download from Trend Micro's support site [1].
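A pre-run check for the condition described above, as an added example that is not code from Trend Micro or from this page: it lists DLL files sitting beside an installer and, if any are found, copies only the installer into a new empty directory to run from. It assumes the installer's "current directory" is the folder the installer file sits in; the file names and the function names are constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path


def sibling_dlls(installer: Path) -> list[str]:
    """Names of DLL files that sit in the same folder as the installer."""
    folder = installer.resolve().parent
    return sorted(
        p.name for p in folder.iterdir()
        if p.is_file() and p.suffix.lower() == ".dll"  # match .DLL as well
    )


def stage_in_clean_dir(installer: Path) -> Path:
    """Copy only the installer into a new, empty, private directory."""
    clean = Path(tempfile.mkdtemp(prefix="installer-stage-"))
    return Path(shutil.copy2(installer, clean / installer.name))


def preflight(installer: Path) -> dict:
    """Report co-located DLLs and the path the installer should be run from."""
    found = sibling_dlls(installer)
    run_from = stage_in_clean_dir(installer) if found else installer
    return {"sibling_dlls": found, "run_from": run_from}


def demo() -> dict:
    """Constructed sample: a download folder with a stray DLL beside the installer."""
    downloads = Path(tempfile.mkdtemp(prefix="downloads-"))
    installer = downloads / "constructed_setup.exe"  # stand-in file, not a real installer
    installer.write_bytes(b"constructed placeholder")
    (downloads / "Example_Stray.DLL").write_bytes(b"constructed placeholder")
    (downloads / "readme.txt").write_text("constructed")
    return preflight(installer)


if __name__ == "__main__":
    result = demo()
    print("DLLs beside installer:", result["sibling_dlls"])
    print("run installer from:   ", result["run_from"])
```

Staging reduces exposure when an older installer copy has to be handled; the fix named above is still the updated installer build.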
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=16.0.0.1146
- Range: 2020 (v16)
Patches
No patches discovered yet.
References
- [1] helpcenter.trendmicro.com/en-us/article/TMKA-09644 (mitre, x_refsource_MISC)