|
[Japanese]
|
JVNDB-2021-001374
|
Trend Micro Password Manager may insecurely load Dynamic Link Libraries
|
|
Password Manager provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
|
|
CVSS V3 Severity:
Base Metrics 7.8 (High) [NVD Score]
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 4.4 (Medium) [NVD Score]
- Access Vector: Local
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
Trend Micro, Inc.
- Password Manager 5.x for Windows prior to versions 5.0.0.1217
|
|
|
During the installation of the product, arbitrary program may be executed with the privilege of the user invoking the installer.
|
|
[Update the Software]
If the product is already installed, update to the latest version according to the information provided by the developer.
The update that addresses this vulnerability is available and is automatically applied through the product's ActiveUpdate automatic update feature.
The issue is addressed in the following version:
* Password Manager for Windows 5.0.0.1217
[Use the latest version]
Use the latest version when installing the product.
|
|
Trend Micro, Inc.
|
|
- Uncontrolled Search Path Element(CWE-427) [NVD Evaluation]
|
|
- CVE-2021-28647
|
|
- JVN : JVNVU#98074915
- JVN : JVNTA#91240916
- National Vulnerability Database (NVD) : CVE-2021-28647
|
|
- [2021/04/20]
Web page was published
|
