Japan Vulnerability NotesJVN:76257155JVN#76257155: Trend Micro Security may insecurely load Dynamic Link Libraries
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
23.1%
Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue (CWE-427).
While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application executable may result in Trend Micro Security loading the malicious DLL.
Impact
Arbitrary program may be executed with the privilege of Trend Micro Security.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following versions to fix the vulnerability.
- Trend Micro Security 2022/2023 17.7.1634 or later
- Trend Micro Security 2021 17.0.1426 or later
The update that addresses this vulnerability is available and is automatically applied through the product’s ActiveUpdate feature.
Products Affected
- Trend Micro Security 2022/2023 17.7.1476 and earlier
- Trend Micro Security 2021 17.0.1412 and earlier
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
23.1%