[Japanese]

JVNDB-2021-001122

Trend Micro Security (Consumer) vulnerable to code injection

Overview

Trend Micro Security (Consumer) provided by Trend Micro Incorporated contains a code injection vulnerability (CWE-94).

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.2 (High) [NVD Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 6.5 (Medium) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: Single Instance
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


Trend Micro, Inc.
  • Antivirus+ 2020 (v16) and 2021 (v17) for Windows
  • Internet Security 2020 (v16) and 2021 (v17) for Windows
  • Trend Micro Maximum Security 2020 (v16) and 2021 (v17) for Windows
  • Trend Micro Premium Security 2020 (v16) and 2021 (v17) for Windows

Impact

An attacker who obtained administrative privileges may execute arbitrary code and disable the protection function for the program's password/system.
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.
The update that addresses this vulnerability is available and is automatically applied through the product's automatic ActiveUpdate feature.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

  1. Code Injection(CWE-94) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2021-25251
References

  1. JVN : JVNVU#99545969
  2. National Vulnerability Database (NVD) : CVE-2021-25251
Revision History

  • [2021/03/08]
      Web page was published