CVE-2021-44023
Trend Micro Maximum Security Link Following Denial-of-Service Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service.
Una vulnerabilidad de denegación de servicio (DoS) en la familia de productos Trend Micro Security (Consumer) versión 2021, podría permitir a un atacante abusar de la función PC Health Checkup del producto para crear enlaces simbólicos que permitirían la modificación de archivos, lo que podría conllevar a una denegación de servicio
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Platinum Host Service. By creating a symbolic link, an attacker can abuse the service to overwrite a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-18 CVE Reserved
- 2021-12-14 CVE Published
- 2023-07-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-21-1536 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://helpcenter.trendmicro.com/en-us/article/tmka-10867 | 2021-12-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trendmicro Search vendor "Trendmicro" | Antivirus\+ Security 2021 Search vendor "Trendmicro" for product "Antivirus\+ Security 2021" | <= 17.0 Search vendor "Trendmicro" for product "Antivirus\+ Security 2021" and version " <= 17.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Trendmicro Search vendor "Trendmicro" | Internet Security 2021 Search vendor "Trendmicro" for product "Internet Security 2021" | <= 17.0 Search vendor "Trendmicro" for product "Internet Security 2021" and version " <= 17.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Trendmicro Search vendor "Trendmicro" | Maximum Security 2021 Search vendor "Trendmicro" for product "Maximum Security 2021" | <= 17.0 Search vendor "Trendmicro" for product "Maximum Security 2021" and version " <= 17.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
Trendmicro Search vendor "Trendmicro" | Premium Security 2021 Search vendor "Trendmicro" for product "Premium Security 2021" | <= 17.0 Search vendor "Trendmicro" for product "Premium Security 2021" and version " <= 17.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|