Views:

Release Date: April 08, 2022

Trend Micro Vulnerability Identifier: CVE-2022-28339

Platform(s): Windows

Summary

Trend Micro has released a new version of Trend Micro HouseCall for Home Networks that resolves an uncontrolled search path element privilege escalation vulnerability.

Affected version(s)

PRODUCT AFFECTED VERSION(S) PLATFORM LANGUAGE(S)
HouseCall for Home Networks Version 5.3.1302 Microsoft Windows English

Solution

Trend Micro has released the following version to resolve this issue:

PRODUCT UPDATED VERSION(S) PLATFORM LANGUAGE(S)
HouseCall for Home Networks Version 5.3.1308 Microsoft Windows English

Vulnerability Details

Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges.

Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.

Mitigating Factors

None identified. Customers are advised to ensure they always have the latest version of the program.

Acknowledgment

Trend Micro would like to thank Xavier Danest - Decathlon working with Trend Micro Zero Day Initiative (ZDI) for responsibly disclosing this issue and working with Trend Micro to help protect our customers.

Additional Assistance

Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.

External Reference

  • ZDI-CAN-16316