JVNVU#96882769: Multiple vulnerabilities in Trend Micro Maximum Security

Overview

Trend Micro Incorporated has released security updates for Trend Micro Maximum Security.

Products Affected

Trend Micro Maximum Security 2022
Trend Micro Security 2022

Description

Trend Micro Incorporated has released security updates for Trend Micro Maximum Security.

Impact

Trend Micro Maximum Security 2022

Arbitrary file deletion due to link interpretation problems during file access - CVE-2022-30687
privilege escalation due to Time-of-check Time-of-use (TOCTOU) race condition vulnerability - CVE-2022-48191

Trend Micro Security 2022

Privilege escalation due to link interpretation problems when accessing files - CVE-2022-34893
Information disclosure due to an Out-Of-Bounds Read vulnerability - CVE-2022-35234, CVE-2022-37347, CVE-2022-37348

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The update that addresses this vulnerability is available and is automatically applied through the product's ActiveUpdate feature.

Vendor Status

Vendor	Link
Trend Micro Incorporated	Security Bulletin: Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability
	Security Bulletin: Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability
	Security Bulletin: Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability
	Security Bulletin: Trend Micro Maximum Security Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#96882769 Multiple vulnerabilities in Trend Micro Maximum Security