CVE-2019-14688: 
NixOS vulnerability analysis and mitigation

A DLL hijack vulnerability (CVE-2019-14688) was discovered in several Trend Micro product installers. The vulnerability affects multiple Trend Micro products including Control Manager, Endpoint Sensor, IM Security, Mobile Security, OfficeScan, and others. The issue was disclosed in February 2020 and only affects initial product installations by authorized users (NVD).

The vulnerability exists in a version of an install package used by multiple Trend Micro products. It is classified as a DLL hijacking vulnerability that could be exploited during new product installations. The CVSS v3.1 base score is 7.0 (High) with the vector: AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code with elevated privileges on the affected system during product installation. However, the impact is limited since it can only be exploited during initial product installation by an authorized user (MITRE).

Trend Micro has repackaged installers for the affected products to address this vulnerability. Users should ensure they are using the latest version of product installers from official Trend Micro sources (NVD).