[Japanese]

JVNDB-2022-001800

Installer of Trend Micro HouseCall for Home Networks may insecurely load Dynamic Link Libraries

Overview

Trend Micro Incorporated has released a security update for HouseCall for Home Networks.

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
CVSS Severity (What is CVSS?)

Affected Products


Trend Micro, Inc.
  • Installer of Trend Micro HouseCall for Home Networks (for Windows) Versions 5.3.1302 and earlier

Impact

Installer of Trend Micro HouseCall for Home Networks contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the administrative privilege of the system.
For more information, refer to the information provided by the developer.
Solution

[Use the latest installer]
Use the latest installer provided by the developer.
Users who already have installed the software do not need to re-install, because this issue affects the installers only.
Vendor Information

Trend Micro, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2022-28339
References

  1. JVN : JVNVU#93434935
  2. JVN : JVNTA#91240916
Revision History

  • [2022/05/13]
      Web page was published