JVNVU#97614828: Trend Micro Maximum Security vulnerable to improper link resolution (CVE-2024-32849)

Overview

Trend Micro Incorporated has released a security update for Trend Micro Maximum Security.

Products Affected

Trend Micro Maximum Security 17.7, prior to 17.7.1979

Description

Trend Micro Incorporated has released a security update for Trend Micro Maximum Security, fixing an improper link resolution vulnerability(CWE-59, CVE-2024-32849).

Impact

Trend Micro files may be deleted.
For more information, refer to the information provided by the developer.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.
The update that addresses this vulnerability is available and is automatically applied through the product's ActiveUpdate feature.

Vendor Status

Vendor	Link
Trend Micro Incorporated	SECURITY BULLETIN: Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#97614828 Trend Micro Maximum Security vulnerable to improper link resolution (CVE-2024-32849)