JVNDB-2022-001404

[Japanese]
JVNDB-2022-001404
Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries
Overview
Trend Micro Incorporated has released a security update for Trend Micro Password Manager. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
CVSS Severity (What is CVSS?)

Affected Products

Trend Micro, Inc. Password Manager version 5.0.0.1262 and earlier

Impact
A local attacker may obtain the administrative privilege when the product's installer is running. For more information, refer to the information provided by the developer.
Solution
[Use the latest installer] Use the latest installer provided by the developer. Users who already have installed the software do not need to re-install, because this issue affects the installers only.
Vendor Information
Trend Micro, Inc. Trend Micro : Security Bulletin: Trend Micro Password Manager Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
CWE (What is CWE?)

CVE (What is CVE?)
CVE-2022-26337
References
JVN : JVNVU#96777901 JVN : JVNTA#91240916
Revision History
[2022/03/11] Web page was published

Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries