Published:2023/04/14  Last Updated:2023/05/16

Trend Micro Security may insecurely load Dynamic Link Libraries


Trend Micro Security provided by Trend Micro Incorporated may insecurely load Dynamic Link Libraries.

Products Affected

  • Trend Micro Security 2022/2023 17.7.1476 and earlier
  • Trend Micro Security 2021 17.0.1412 and earlier


Trend Micro Security provided by Trend Micro Incorporated contains an insecure DLL loading issue (CWE-427).
While the affected version of Trend Micro Security is installed and a malicious DLL is placed in a directory where some application executable resides, invoking the application executable may result in Trend Micro Security loading the malicious DLL.


Arbitrary program may be executed with the privilege of Trend Micro Security.


Update the software
Update the software to the latest version according to the information provided by the developer.
The developer has released the following versions to fix the vulnerability.

  • Trend Micro Security 2022/2023 17.7.1634 or later
  • Trend Micro Security 2021 17.0.1426 or later
The update that addresses this vulnerability is available and is automatically applied through the product's ActiveUpdate feature.

Vendor Status

Vendor Link
Trend Micro Incorporated Security Bulletin: Trend Micro Security DLL Hijacking


  1. Japan Vulnerability Notes JVNTA#91240916
    Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Base Score: 8.6
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
Base Score: 6.8
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)


This analysis assumes that the user is tricked into placing a malicious DLL file prepared by an attacker in a specific folder.


Rintaro Fujita of Nippon Telegraph and Telephone Corporation, Hiroki Hada of NTT Security (Japan) KK and Hiroki Mashiko of NTT DATA Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
CVE CVE-2023-28929
JVN iPedia JVNDB-2023-000033

Update History

Information under the section [Description], [Impact] and [Vulnerability Analysis by JPCERT/CC] was updated.