CVE-2021-32461 – Trend Micro Password Manager Integer Truncation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-32461
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Truncation Privilege Escalation vulnerability which could allow a local attacker to trigger a buffer overflow and escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Trend Micro Password Manager (Consumer) versiones 5.0.0.1217 y por debajo es susceptible a una vulnerabilidad de Escalada de Privilegios por Truncamiento de Enteros que podría permitir a un atacante local desencadenar un desbordamiento de búfer y una escalada de privilegios en las instalaciones afectadas. Un atacante debe obtener primero la capacidad de ejecutar código poco privilegiado en el sistema objetivo para poder explotar esta vulnerabilidad This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Central Control Service. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 https://www.zerodayinitiative.com/advisories/ZDI-21-773 • CWE-681: Incorrect Conversion between Numeric Types •
CVE-2021-32462 – Trend Micro Password Manager Exposed Dangerous Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-32462
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability. Trend Micro Password Manager (Consumer) versiones 5.0.0.1217 y por debajo es susceptible a una vulnerabilidad de Ejecución de Código Remota de Función Peligrosa Expuesta que podría permitir a un cliente no privilegiado manipular el registro y escalar privilegios para SYSTEM en las instalaciones afectadas. Es requerida la autenticación para explotar esta vulnerabilidad This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Password Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Central Control Service. • https://helpcenter.trendmicro.com/en-us/article/TMKA-10388 https://www.zerodayinitiative.com/advisories/ZDI-21-774 •
CVE-2020-27020
https://notcve.org/view.php?id=CVE-2020-27020
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation). La funcionalidad password generator del programa Kaspersky Password Manager no era completamente segura desde el punto de vista criptográfico, y en algunos casos potencialmente permitía a un atacante predecir las contraseñas generadas. Un atacante necesitaría conocer información adicional (por ejemplo, el momento de la generación de la contraseña) • https://support.kaspersky.com/general/vulnerability.aspx?el=12430#270421 • CWE-326: Inadequate Encryption Strength •
CVE-2021-28647
https://notcve.org/view.php?id=CVE-2021-28647
Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability which could allow an attacker to inject a malicious DLL file during the installation progress and could execute a malicious program each time a user installs a program. Trend Micro Password Manager versión 5 (Consumer) es vulnerable a una vulnerabilidad de secuestro DLL que podría permitir a un atacante inyectar un archivo DLL malicioso durante el progreso de la instalación y podría ejecutar un programa malicioso cada vez que un usuario instala un programa • https://helpcenter.trendmicro.com/en-us/article/TMKA-10282 • CWE-427: Uncontrolled Search Path Element •
CVE-2020-8469
https://notcve.org/view.php?id=CVE-2020-8469
Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability would could potentially allow an attacker privleged escalation. Trend Micro Password Manager for Windows versión 5.0, está afectado por una vulnerabilidad de secuestro de DLL, que podría potencialmente permitir a un atacante una escalada privilegiada. • http://seclists.org/fulldisclosure/2020/Jun/30 https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124168.aspx • CWE-427: Uncontrolled Search Path Element •