All the vulnerabilites related to trendmicro - antivirus\+_security_2021
Vulnerability from fkie_nvd
Published
2021-02-10 22:15
Modified
2024-11-21 05:54
Severity ?
Summary
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus\+_security_2020 | 16.0 | |
| trendmicro | antivirus\+_security_2021 | 17.0 | |
| trendmicro | internet_security_2020 | 16.0 | |
| trendmicro | internet_security_2021 | 17.0 | |
| trendmicro | maximum_security_2020 | 16.0 | |
| trendmicro | maximum_security_2021 | 17.0 | |
| trendmicro | premium_security_2020 | 16.0 | |
| trendmicro | premium_security_2021 | 17.0 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35B16D47-D892-4407-B413-C53604E54DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2021:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB376CE-FD04-446D-BDFB-DD30C5277E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87EC00B5-27FD-495A-A810-4B5B7B542E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2021:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F54EDFC-AA74-4407-92AF-BE5A2E9EB8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18879524-F7E4-4FB2-83F1-9C12FC973358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2021:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "769EDF57-123C-4FE7-93F3-8B773F5D17C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2020:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7ADF0773-F24D-4E70-A41F-6834F60A1282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2021:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D77BEF92-897E-4B1E-8F34-A94E238609E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program\u0027s password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability."
},
{
"lang": "es",
"value": "Las familias de productos de consumo Trend Micro Security 2020 y 2021, son vulnerables a una vulnerabilidad de inyecci\u00f3n de c\u00f3digo que podr\u00eda permitir a un atacante desactivar la protecci\u00f3n con contrase\u00f1a del programa y desactivar la protecci\u00f3n.\u0026#xa0;Un atacante ya debe tener privilegios de administrador en la m\u00e1quina para explotar esta vulnerabilidad"
}
],
"id": "CVE-2021-25251",
"lastModified": "2024-11-21T05:54:37.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-10T22:15:13.703",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-26 22:15
Modified
2024-11-21 07:56
Severity ?
Summary
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0F9724-D955-435A-AA01-88DC5D097202",
"versionEndIncluding": "17.0.1412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98F87CB2-043E-4840-9BDB-94DEADDB45B5",
"versionEndIncluding": "17.0.1412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52BED273-F568-44A6-A4E6-EA47DEE456AA",
"versionEndIncluding": "17.0.1412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD1356F4-D159-4B8B-826C-4924BD2704C2",
"versionEndIncluding": "17.0.1412",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6FC368-0C19-4305-B795-C6B8D1762C04",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF1430D6-5373-4B65-A178-3F9AA3BC59F7",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA389598-92CB-4FD5-8589-B4BDC8E6B304",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3517E4-310E-4018-8AAF-79276A1FBD27",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2023:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35E7CA3C-D4DF-4AAF-95FE-797B2D39A96D",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2023:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C50CA3-D54A-4C3D-9FE3-0CB2D112A488",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2023:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A9A81B-252B-463D-BD28-7EF505009468",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2023:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90E3DEF9-B144-441A-8A00-BC1D4EAD9DB0",
"versionEndIncluding": "17.7.1476",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
}
],
"id": "CVE-2023-28929",
"lastModified": "2024-11-21T07:56:14.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-26T22:15:09.733",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-16 03:15
Modified
2024-11-21 06:30
Severity ?
Summary
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@trendmicro.com | https://helpcenter.trendmicro.com/en-us/article/tmka-10867 | Vendor Advisory | |
| security@trendmicro.com | https://www.zerodayinitiative.com/advisories/ZDI-21-1536/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://helpcenter.trendmicro.com/en-us/article/tmka-10867 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-21-1536/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trendmicro | antivirus\+_security_2021 | * | |
| trendmicro | internet_security_2021 | * | |
| trendmicro | maximum_security_2021 | * | |
| trendmicro | premium_security_2021 | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trendmicro:antivirus\\+_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9D307B-BADF-4D78-BC77-9C33A831E752",
"versionEndIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:internet_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0038506-1DFA-4D5A-9C3A-7F873350F4E2",
"versionEndIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:maximum_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDEB77E-5E10-4F01-9541-E6E7662672B4",
"versionEndIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trendmicro:premium_security_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BEA7177-A590-4124-AEBB-A921BA012C39",
"versionEndIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service."
},
{
"lang": "es",
"value": "Una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en la familia de productos Trend Micro Security (Consumer) versi\u00f3n 2021, podr\u00eda permitir a un atacante abusar de la funci\u00f3n PC Health Checkup del producto para crear enlaces simb\u00f3licos que permitir\u00edan la modificaci\u00f3n de archivos, lo que podr\u00eda conllevar a una denegaci\u00f3n de servicio"
}
],
"id": "CVE-2021-44023",
"lastModified": "2024-11-21T06:30:14.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-16T03:15:10.073",
"references": [
{
"source": "security@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10867"
},
{
"source": "security@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1536/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1536/"
}
],
"sourceIdentifier": "security@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-25251
Vulnerability from cvelistv5
Published
2021-02-10 22:00
Modified
2024-08-03 19:56
Severity ?
EPSS score ?
Summary
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpcenter.trendmicro.com/en-us/article/TMKA-10211 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2020 (v16), 2021 (v17) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.086Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)\r\n",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2020 (v16), 2021 (v17)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program\u0027s password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T17:34:49",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-25251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)\r\n",
"version": {
"version_data": [
{
"version_value": "2020 (v16), 2021 (v17)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program\u0027s password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-10211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-25251",
"datePublished": "2021-02-10T22:00:15",
"dateReserved": "2021-01-15T00:00:00",
"dateUpdated": "2024-08-03T19:56:11.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44023
Vulnerability from cvelistv5
Published
2021-12-16 02:28
Modified
2024-08-04 04:10
Severity ?
EPSS score ?
Summary
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://helpcenter.trendmicro.com/en-us/article/tmka-10867 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1536/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro | Trend Micro Security (Consumer) |
Version: 2021 (v17) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10867"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1536/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro",
"versions": [
{
"status": "affected",
"version": "2021 (v17)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Link Following Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-16T02:28:35",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10867"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1536/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2021-44023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2021 (v17)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Link Following Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpcenter.trendmicro.com/en-us/article/tmka-10867",
"refsource": "MISC",
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-10867"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1536/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1536/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2021-44023",
"datePublished": "2021-12-16T02:28:35",
"dateReserved": "2021-11-18T00:00:00",
"dateUpdated": "2024-08-04T04:10:17.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28929
Vulnerability from cvelistv5
Published
2023-06-26 21:52
Modified
2024-12-05 15:46
Severity ?
EPSS score ?
Summary
Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Trend Micro, Inc. | Trend Micro Security (Consumer) |
Version: 2023 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:trend_micro_inc:trend_micro_security:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "trend_micro_security",
"vendor": "trend_micro_inc",
"versions": [
{
"lessThan": "17.7.1634",
"status": "affected",
"version": "2023",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T15:42:15.626436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T15:46:07.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trend Micro Security (Consumer)",
"vendor": "Trend Micro, Inc.",
"versions": [
{
"lessThan": "17.7.1634",
"status": "affected",
"version": "2023",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started."
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T21:52:22.423Z",
"orgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"shortName": "trendmicro"
},
"references": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-19062"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7f7bd7df-cffe-4fdb-ab6d-859363b89272",
"assignerShortName": "trendmicro",
"cveId": "CVE-2023-28929",
"datePublished": "2023-06-26T21:52:22.423Z",
"dateReserved": "2023-03-27T22:16:25.202Z",
"dateUpdated": "2024-12-05T15:46:07.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}