JVN#48789425: Trend Micro Internet Security multiple vulnerabilities

2016-06-02T00:00:00
ID JVN:48789425
Type jvn
Reporter Japan Vulnerability Notes
Modified 2016-06-02T00:00:00

Description

## Description

Trend Micro Internet Security provided by Trend Micro Incorporated contains the following vulnerabilities.

  • Access Restriction Flaw - CVE-2016-1225 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | Base Score: 5.3
    ---|---|---
    CVSS v2 | AV:N/AC:L/Au:N/C:P/I:N/A:N | Base Score: 5.0
  • Arbitrary Script Execution - CVE-2016-1226 CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
    ---|---|---
    CVSS v2 | AV:N/AC:M/Au:N/C:N/I:P/A:N | Base Score: 4.3
    According to the developer, attempts to exploit these vulnerabilities will not succeed from external networks when the default settings are used.

## Impact

A remote attacker may obtain access to files on the device. (CVE-2016-1225)
An arbitrary script may be executed on the products. (CVE-2016-1226)

## Solution

Apply the Update Module
According to the information provided by the developer, apply the Update Module.

## Products Affected

  • Trend Micro Internet Security 8
  • Trend Micro Internet Security 10