JVNDB-2016-000166

Trend Micro Internet Security vulnerability where files may be excluded as scan targets

Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets when the conditions below are met.

* An attacker can place a specific file into the system
* The attacker can execute a specific API from the specific file

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Trend Micro Incorporated coordinated under the Information Security Early Warning Partnership.

Trend Micro, Inc.

• Trend Micro Internet Security 8
• Trend Micro Internet Security 10

An arbitrary file or folder may be excluded as scan targets. As a result, the product may not be able to detect behavior of an unauthorized program.

[Upgrade the Software]
According to the developer, Trend Micro Internet Security 11 is not affected by this vulnerability.
Upgrade to Trend Micro Internet Security 11 or later according to the information provided by the developer.

[Apply the Update Module]
Apply the Update Module according to the information provided by the developer.
According to the developer, the Update Module is applied automatically when the system connects to the Internet.
For information on how to apply the Update Module manually, or how to check whether the module has been applied, refer to the information provided by the developer.

Trend Micro, Inc.

• Trend Micro Homepage (Japan) : About the Vulnerability of Trend Micro Internet Security (July) (in Japanese)

1. No Mapping(CWE-Other) [IPA Evaluation]

1. JVN : JVN#98126322

• [2016/09/16]
    Web page was published