CVE-2020-27697
Description
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A symlink attack on an unprotected location lets a local attacker trick Trend Micro Security 2020's installer into running a malicious DLL, gaining SYSTEM privileges.
Vulnerability
CVE-2020-27697 is a local privilege escalation vulnerability in the installer package of Trend Micro Security 2020 (Consumer) version 16, specifically in the Premium Security, Maximum Security, Internet Security, and Antivirus+ products for Windows [1]. The vulnerability is triggered when the installer creates or accesses files in a non-protected location that can be controlled by a low-privileged user via a symlink (symbolic link) attack [1]. This allows a malicious DLL placed in that location to be loaded by the installer process instead of the legitimate file.
Exploitation
An attacker must already have local user access to the affected Windows system. No additional authentication or user interaction is required beyond triggering the installation of Trend Micro Security 2020 [1]. The attacker places a crafted malicious DLL in a non-protected directory that the installer will access during the installation sequence, and uses a symlink to redirect the installer's file operations to that DLL [1]. The installer runs with high integrity (SYSTEM) privileges, so when it loads the attacker's DLL, the malicious code executes in that elevated context.
Impact
Successful exploitation gives the attacker complete control over the system, equivalent to the SYSTEM account. The attacker can execute arbitrary code with administrative privileges, potentially installing persistent backdoors, modifying system files, or disabling security software [1]. The compromise occurs during the installation process, so any user who initiates an installation of the affected product is at risk.
Mitigation
Trend Micro addressed this vulnerability in the updated installer for Trend Micro Security 2021 (version 17.x), released in November 2020 [1]. All customers using Trend Micro Security 2020 (v16) should upgrade to the latest version (17.x) to remediate the issue. The vendor also recommends downloading the latest version from the official Trend Micro website [1]. No workaround was provided for users who cannot immediately upgrade.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: 2020 (v16)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- helpcenter.trendmicro.com/en-us/article/TMKA-10036mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.