Release Date: April 08, 2022
Trend Micro Vulnerability Identifier: CVE-2022-28339
Platform(s): Windows
Summary
Trend Micro has released a new version of Trend Micro HouseCall for Home Networks that resolves an uncontrolled search path element privilege escalation vulnerability.
Affected version(s)
| PRODUCT | AFFECTED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| HouseCall for Home Networks | Version 5.3.1302 | Microsoft Windows | English |
Solution
Trend Micro has released the following version to resolve this issue:
| PRODUCT | UPDATED VERSION(S) | PLATFORM | LANGUAGE(S) |
|---|---|---|---|
| HouseCall for Home Networks | Version 5.3.1308 | Microsoft Windows | English |
Vulnerability Details
Trend Micro HouseCall for Home Networks version 5.3.1302 and below contains an uncontrolled search patch element vulnerability that could allow an attacker with low user privileges to create a malicious DLL that could lead to escalated privileges.
Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.
Mitigating Factors
None identified. Customers are advised to ensure they always have the latest version of the program.
Acknowledgment
Trend Micro would like to thank Xavier Danest - Decathlon working with Trend Micro Zero Day Initiative (ZDI) for responsibly disclosing this issue and working with Trend Micro to help protect our customers.
Additional Assistance
Customers who have questions are encouraged to contact Trend Micro Technical Support for further assistance.
External Reference
- ZDI-CAN-16316