CVE-2023-25143

Vulnerability

An uncontrolled search path element vulnerability exists in the Trend Micro Apex One Server installer [1]. This affects the installer component specifically, not the running product itself. The exact affected versions are not detailed in the available reference, but given the advisory date of 2023-03-07, the vulnerability impacts versions prior to the patch released around that date.

Exploitation

An attacker needs to be able to influence the search path environment variable or place a malicious DLL (or other executable) in a location that the installer will search before the legitimate system path [1]. The attacker must have a means to deliver the malicious payload to a location reachable by the installer (e.g., a network share, writable directory, or via a download that ends up in the user's temporary folder). The exploitation requires the target user to launch the Apex One Server installer under conditions where the uncontrolled search path leads to loading the attacker's code [1].

Impact

Successful exploitation allows the attacker to achieve remote code execution in the context of the user running the installer [1]. This could lead to full compromise of the target system, including installation of malware, data theft, or complete system takeover.

Mitigation

The vendor released a patch or updated installer to address this issue; users should download and use the latest version of the Apex One Server installer from the official Trend Micro support site [1]. No specific workaround is mentioned, but as a general best practice, users should run software installers only from trusted sources and ensure that their system path environment does not include uncontrolled locations.