Published:2022/03/10  Last Updated:2022/03/10

JVNVU#96777901
Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Overview

Trend Micro Incorporated has released a security update for Trend Micro Password Manager.

Products Affected

  • Trend Micro Password Manager version 5.0.0.1262 and earlier

Description

Trend Micro Incorporated has released a security update for Trend Micro Password Manager.

Impact

A local attacker may obtain the administrative privilege when the product's installer is running.
For more information, refer to the information provided by the developer.

Solution

Use the latest installer
Use the latest installer provided by the developer.
Users who already have installed the software do not need to re-install, because this issue affects the installers only.

References

  1. Japan Vulnerability Notes JVNTA#91240916
    Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia