JVNVU#99545969
Trend Micro Security (Consumer) vulnerable to code injection
Overview
Trend Micro Security (Consumer) provided by Trend Micro Incorporated contains a code injection vulnerability.
Products Affected
- Premium Security 2020 (v16) and 2021 (v17) for Windows
- Maximum Security 2020 (v16) and 2021 (v17) for Windows
- Internet Security 2020 (v16) and 2021 (v17) for Windows
- Antivirus+ 2020 (v16) and 2021 (v17) for Windows
Description
Trend Micro Security (Consumer) provided by Trend Micro Incorporated contains a code injection vulnerability (CWE-94).
Impact
An attacker who obtained administrative privileges may execute arbitrary code and disable the protection function for the program's password/system.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
The update that addresses this vulnerability is available and is automatically applied through the product's automatic ActiveUpdate feature.
Vendor Status
| Vendor | Link |
| Trend Micro Incorporated | Security Bulletin: Trend Micro Security (Consumer) Code Injection Vulnerability |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2021-25251 |
| JVN iPedia |
|