CVE-2022-38764 – Trend Micro HouseCall Incorrect Permission Assignment Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2022-38764

A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer. Una vulnerabilidad en Trend Micro HouseCall versiones 1.62.1.1133 y anteriores, podría permitir a un atacante local escalar los privilegios debido a una carpeta demasiado permisiva en el instalador del producto This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions set on product folders created by the installer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator. • https://helpcenter.trendmicro.com/en-us/article/tmka-11092 https://www.zerodayinitiative.com/advisories/ZDI-22-1178 • CWE-276: Incorrect Default Permissions •