CVE-2021-32460

CVE-2021-32460 affects Trend Micro Maximum Security 2021 (v17). The vulnerability is an improper access control flaw in the installer/console that grants local attackers with existing user access the ability to escalate privileges (up to SYSTEM). The issue arises from incorrect permissions on sen...

CVE-2021-25251

CVE-2021-25251 affects Trend Micro Security (Consumer) 2020 and 2021 families. The vulnerability is a code injection flaw (CWE-94) that could allow an attacker with administrative privileges to execute arbitrary code and disable the program’s password protection and protection. The impact is desc...

CVE-2021-36744

CVE-2021-36744: A directory junction vulnerability exists in Trend Micro Maximum Security/consumer components (as discussed in ZDI advisory) that allows a local attacker with low privileges to create a directory junction via the Maximum Security Agent, enabling denial-of-service by deleting a fil...

CVE-2021-44023

CVE-2021-44023 affects Trend Micro Security (Consumer) 2021 family. The issue arises in the PC Health Checkup feature, where an attacker who can run code locally and with low privileges can abuse the feature to create symbolic links via the Platinum Host Service, enabling modification of files an...

CVE-2023-28929

CVE-2023-28929 affects Trend Micro Security (consumer editions) 2021–2023. The issue is a DLL hijacking flaw (CWE-427) where loading a malicious DLL via a vulnerable executable may allow arbitrary code execution or execution of a malicious program each time the executable starts. Affected product...