Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An attempted attack requires user authentication.
Published: 2020-03-17
Attempts to exploit multiple vulnerabilities in Trend Micro Apex One and OfficeScan observed in the wild.
https://www.tenable.com/cyber-exposure/2020-threat-landscape-retrospective
https://success.trendmicro.com/solution/000245572
https://success.trendmicro.com/solution/000245571