JVN#48789425: Trend Micro Internet Security multiple vulnerabilities

Overview

Trend Micro Internet Security provided by Trend Micro Incorporated contains multiple vulnerabilities.

Products Affected

Trend Micro Internet Security 8
Trend Micro Internet Security 10

Description

Trend Micro Internet Security provided by Trend Micro Incorporated contains the following vulnerabilities.

Access Restriction Flaw - CVE-2016-1225

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score: 5.3

CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N Base Score: 5.0
Arbitrary Script Execution - CVE-2016-1226

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1

CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N Base Score: 4.3

According to the developer, attempts to exploit these vulnerabilities will not succeed from external networks when the default settings are used.

Impact

A remote attacker may obtain access to files on the device. (CVE-2016-1225)
An arbitrary script may be executed on the products. (CVE-2016-1226)

Solution

Apply the Update Module
According to the information provided by the developer, apply the Update Module.

Vendor Status

Vendor	Link
Trend Micro Incorporated	About the Vulnerabilities of Trend Micro Internet Security (March)

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE	CVE-2016-1225
	CVE-2016-1226
JVN iPedia	JVNDB-2016-000073
	JVNDB-2016-000088

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	Base Score: 5.3
CVSS v2	AV:N/AC:L/Au:N/C:P/I:N/A:N	Base Score: 5.0

CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	Base Score: 6.1
CVSS v2	AV:N/AC:M/Au:N/C:N/I:P/A:N	Base Score: 4.3

JVN#48789425 Trend Micro Internet Security multiple vulnerabilities