JVNVU#96777901: Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries

Overview

Trend Micro Incorporated has released a security update for Trend Micro Password Manager.

Products Affected

Trend Micro Password Manager version 5.0.0.1262 and earlier

Description

Trend Micro Incorporated has released a security update for Trend Micro Password Manager.

Impact

A local attacker may obtain the administrative privilege when the product's installer is running.
For more information, refer to the information provided by the developer.

Solution

Use the latest installer
Use the latest installer provided by the developer.
Users who already have installed the software do not need to re-install, because this issue affects the installers only.

Vendor Status

Vendor	Link
Trend Micro Incorporated	Security Bulletin: Trend Micro Password Manager Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

References

Japan Vulnerability Notes JVNTA#91240916
Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#96777901 Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries