CVE-2019-14687
https://notcve.org/view.php?id=CVE-2019-14687
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14684. Existe una vulnerabilidad de secuestro de DLL en Trend Micro Password Manager 5.0 en el que, si se explota, permitiría a un atacante cargar una DLL arbitraria sin firmar en el proceso del servicio firmado. Este proceso es muy similar, pero no idéntico al CVE-2019-14684. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx https://medium.com/%40infiniti_css/fa839acaad59 • CWE-427: Uncontrolled Search Path Element •
CVE-2019-14684
https://notcve.org/view.php?id=CVE-2019-14684
A DLL hijacking vulnerability exists in Trend Micro Password Manager 5.0 in which, if exploited, would allow an attacker to load an arbitrary unsigned DLL into the signed service's process. This process is very similar, yet not identical to CVE-2019-14687. Existe una vulnerabilidad de secuestro de DLL en Trend Micro Password Manager 5.0 en el que, si se explota, permitiría a un atacante cargar una DLL arbitraria sin firmar en el proceso del servicio firmado. Este proceso es muy similar, pero no idéntico al CVE-2019-14687. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM • CWE-427: Uncontrolled Search Path Element •
CVE-2016-3987 – Trend Micro - node.js HTTP Server Listening on localhost Can Execute Commands
https://notcve.org/view.php?id=CVE-2016-3987
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB. El servidor HTTP en Trend Micro Password Manager permite a servidores web remotos ejecutar comandos arbitrarios a través del parámetro url en (1) api/openUrlInDefaultBrowser o (2) api/showSB. • https://www.exploit-db.com/exploits/39218 http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager http://packetstormsecurity.com/files/135222/TrendMicro-Node.js-HTTP-Server-Command-Execution.html http://www.securitytracker.com/id/1034662 https://code.google.com/p/google-security-research/issues/detail?id=693 • CWE-284: Improper Access Control •