CVE-2021-36744 – Trend Micro Maximum Security Directory Junction Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-36744
Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service. Trend Micro Security (Consumer) versiones 2021 y 2020, son vulnerables a una vulnerabilidad de salto de directorios que podría permitir a un atacante explotar el sistema para escalar privilegios y crear una denegación de servicio. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Maximum Security Agent. By creating a directory junction, an attacker can abuse the service to delete a file. • https://helpcenter.trendmicro.com/en-us/article/tmka-10568 https://www.zerodayinitiative.com/advisories/ZDI-21-1052 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-25251
https://notcve.org/view.php?id=CVE-2021-25251
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability. Las familias de productos de consumo Trend Micro Security 2020 y 2021, son vulnerables a una vulnerabilidad de inyección de código que podría permitir a un atacante desactivar la protección con contraseña del programa y desactivar la protección. Un atacante ya debe tener privilegios de administrador en la máquina para explotar esta vulnerabilidad • https://helpcenter.trendmicro.com/en-us/article/TMKA-10211 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2020-27697
https://notcve.org/view.php?id=CVE-2020-27697
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product. Trend Micro Security 2020 (Consumer), contiene una vulnerabilidad en el paquete de instalación que podría ser explotada al colocar una DLL maliciosa en una ubicación no protegida con altos privilegios (ataque de tipo symlink) que puede conllevar a una obtención de privilegios administrativos durante la instalación del producto • https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2020-27695
https://notcve.org/view.php?id=CVE-2020-27695
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product. Trend Micro Security 2020 (Consumer), contiene una vulnerabilidad en el paquete de instalación que podría ser explotada al colocar una DLL maliciosa en un directorio local que puede conllevar a una obtención de privilegios administrativos durante la instalación del producto • https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 • CWE-426: Untrusted Search Path •
CVE-2020-27696
https://notcve.org/view.php?id=CVE-2020-27696
Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product. Trend Micro Security 2020 (Consumer) contiene una vulnerabilidad en el paquete de instalación que podría ser explotada al colocar un directorio de sistema de Windows específico que puede conllevar a una obtención de privilegios administrativos durante la instalación del producto • https://helpcenter.trendmicro.com/en-us/article/TMKA-10036 •