PT-2021-17883 · Trend Micro · Trend Micro Password Manager

Hieu Tran

Published

2021-04-13

Updated

2021-04-14

CVE-2021-28647

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Trend Micro Password Manager version 5 (Consumer)

Description: The issue allows an attacker to inject a malicious DLL file during the installation process, potentially executing a malicious program each time a user installs a program. This is due to a DLL Hijacking vulnerability.

Recommendations: For Trend Micro Password Manager version 5 (Consumer), consider disabling the installation functionality until a patch is available to prevent exploitation of the DLL Hijacking vulnerability.

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2021-28647

Affected Products

Trend Micro Password Manager

PT-2021-17883 · Trend Micro · Trend Micro Password Manager

CVE-2021-28647

Weakness Enumeration

Related Identifiers

Affected Products

References · 3