Security Bulletin: June 2021 Security Bulletin for Trend Micro Password Manager

You’re offline. This is a read only version of the page.

🔍 Discover the added advantages of Trend Micro Premium Services and see how they can enhance your Trend Micro experience and protection. Explore your options here.

Views:

Bulletin Date: June 29, 2021

CVE Vulnerability Identifiers: CVE-2021-32461, CVE-2021-32462

Platform: Microsoft Windows

CVSSv3 Scores: 7.0 - 8.8

Severity Rating: High

Summary

Trend Micro has released a new version for the Trend Micro Password Manager for Windows family of consumer products which resolves two vulnerabilities related to Integer Truncation Privilege Escalation and Exposed Hazardous Function Remote Code Execution.

Affected versions

PRODUCT	AFFECTED VERSION	PLATFORM	LANGUAGE(S)
Trend Micro Password Manager	5.0.0.1217 and below	Microsoft Windows	English

Solution

PRODUCT	UPDATED VERSION	PLATFORM	LANGUAGE(S)
Trend Micro Password Manager	5.0.0.1223	Microsoft Windows	English

Trend Micro has released an update via the product’s ActiveUpdate automatic update mechanism to resolve this issue. Your Trend Micro Password Manager program should receive the update automatically as long as your computer is connected to the Internet.

Customers who have not yet gotten the update can install the latest version manually to address the issue.

Vulnerability Details

CVE-2021-32461: Integer Truncation Privilege Escalation

CVSSv3: 7.0: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow an unprivileged local attacker to trigger a buffer overflow and escalate privileges on affected installations.

CVE-2021-32462: Exposed Hazardous Function Remote Code Execution

CVSSv3: 8.8: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations.

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individuals for responsibly disclosing the issue and working with Trend Micro to help protect our customers:

Simon Zuckerbraun of Trend Micro’s Zero Day Initiative

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

External References

ZDI-CAN-13319
ZDI-CAN-13363

Keywords: CVE-2021-32461, CVE-2021-32462

Comments (0)

This website uses cookies for website functionality and traffic analytics. Our Cookie Notice provides more information and explains how to amend your cookie settings.

LAST UPDATED: JUN 29, 2021

Bulletin Date: June 29, 2021

CVE Vulnerability Identifiers: CVE-2021-32461, CVE-2021-32462

Platform: Microsoft Windows

CVSSv3 Scores: 7.0 - 8.8

Severity Rating: High

Summary

Affected versions

PRODUCT	AFFECTED VERSION	PLATFORM	LANGUAGE(S)
Trend Micro Password Manager	5.0.0.1217 and below	Microsoft Windows	English

Solution

PRODUCT	UPDATED VERSION	PLATFORM	LANGUAGE(S)
Trend Micro Password Manager	5.0.0.1223	Microsoft Windows	English

Customers who have not yet gotten the update can install the latest version manually to address the issue.

Vulnerability Details

CVE-2021-32461: Integer Truncation Privilege Escalation

CVSSv3: 7.0: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-32462: Exposed Hazardous Function Remote Code Execution

CVSSv3: 8.8: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Trend Micro has received no reports nor is aware of any actual attacks against the affected product related to this vulnerability at this time.

Acknowledgement

Trend Micro would like to thank the following individuals for responsibly disclosing the issue and working with Trend Micro to help protect our customers:

Simon Zuckerbraun of Trend Micro’s Zero Day Initiative

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

External References

ZDI-CAN-13319
ZDI-CAN-13363

How helpful was this article?

It was very unhelpful.
It wasn't helpful at all.
It was not helpful.
Somewhat helpful.
Just okay.
Just okay.
It was helpful.
It was somewhat helpful.
It was very helpful.
It was helpful.

Thank you for your feedback!

Feedback entity isn't available at the moment. Try again later.

🌟 Get Uninterrupted Support When You Need It Most 🌟

Security Bulletin: June 2021 Security Bulletin for Trend Micro Password Manager

Summary

Affected versions

Solution

Vulnerability Details

Acknowledgement

Additional Assistance

External References

Modal header

Summary

Affected versions

Solution

Vulnerability Details

Acknowledgement

Additional Assistance

External References