JVNVU#93434935
Installer of Trend Micro HouseCall for Home Networks may insecurely load Dynamic Link Libraries
Overview
Trend Micro Incorporated has released a security update for HouseCall for Home Networks.
Products Affected
- The Installer of HouseCall for Home Networks (for Windows) Versions 5.3.1302 and earlier
Description
Trend Micro Incorporated has released a security update for HouseCall for Home Networks.
Impact
Installer of Trend Micro HouseCall for Home Networks contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the administrative privilege of the system.
For more information, refer to the information provided by the developer.
Solution
Use the latest installer
Use the latest installer provided by the developer.
Users who already have installed the software do not need to re-install, because this issue affects the installers only.
Vendor Status
| Vendor | Link |
| Trend Micro Incorporated | Security Bulletin: Trend Micro HouseCall for Home Networks Uncontrolled Search Path Element Privilege Escalation Vulnerability |
References
-
Japan Vulnerability Notes JVNTA#91240916
Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.