JVNVU#99391968: Installer of Trend Micro Portable Security may insecurely load Dynamic Link Libraries

Overview

Trend Micro Incorporated has released a security update for Trend Micro Portable Security.

Products Affected

Trend Micro Portable Security 3.0 versions prior to 3.0.5054
Trend Micro Portable Security 2.0 versions prior to 2.0.8056

Description

Trend Micro Incorporated has released a security update for Trend Micro Portable Security.

Impact

A local attacker may obtain the administrative privilege when the product's installer is running.
For more information, refer to the information provided by the developer.

Solution

Apply the patch
Apply the appropriate patch according to the information provided by the developer.

Vendor Status

Vendor	Link
Trend Micro Incorporated	SECURITY BULLETIN: Trend Micro Portable Security Installer Uncontrolled Search Patch Element LPE Vulnerability

References

Japan Vulnerability Notes JVNTA#91240916
Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#99391968 Installer of Trend Micro Portable Security may insecurely load Dynamic Link Libraries