Lynn And Lays

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One and Apex One as a Service (affected versions not specified) **Description** The issue is related to an untrusted search path vulnerability in the security agent of Trend Micro Apex One and Apex One as a Service. This could allow a local attacker to escalate their privileges on affected installations, but the attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability enables a potential attacker to elevate their privileges and execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One Security Agent (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** The issue is related to the use of dangerous methods or functions in the Trend Micro Apex One and Apex One as a Service security agents. Exploitation of this issue may allow an attacker to escalate privileges and execute arbitrary code. **Recommendations** For Trend Micro Apex One Security Agent, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Trend Micro Apex One as a Service, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The issue is related to the lack of proper locking when performing file operations, which could allow an attacker to execute arbitrary code and elevate their privileges. **Recommendations** For Trend Micro Apex One, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Trend Micro Apex One as a Service, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** An incorrect permission assignment issue could allow a local attacker to load a DLL with escalated privileges on affected installations. The attacker must first obtain the ability to execute low-privileged code on the target system to exploit this issue. **Recommendations** For Trend Micro Apex One, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Trend Micro Apex One as a Service, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One (affected versions not specified) Trend Micro Apex One as a Service (affected versions not specified) **Description** The issue is related to an incorrect permission assignment, which could allow a local attacker to load a DLL with escalated privileges on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Apex One versions (affected versions not specified) Trend Micro Apex One as a Service versions (affected versions not specified) Trend Micro OfficeScan XG SP1 versions (affected versions not specified) **Description** The issue is related to an incorrect permission assignment in the software, which could allow a local attacker to escalate privileges on affected installations. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system. The vulnerability is associated with insufficient permission checks for a critical resource, which can be exploited to elevate privileges. **Recommendations** For Trend Micro Apex One, apply the necessary patches or updates to fix the incorrect permission assignment issue. For Trend Micro Apex One as a Service, apply the necessary patches or updates to fix the incorrect permission assignment issue. For Trend Micro OfficeScan XG SP1, apply the necessary patches or updates to fix the incorrect permission assignment issue. As a temporary workaround, consider restricting access to critical resources until a patch is available.