PT-2021-5668 · Trend Micro · Trend Micro Security

Izobashi

Published

2021-07-13

Updated

2021-12-20

CVE-2021-44023

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro Security (Consumer) 2021 family of products

Description A link following denial-of-service issue could allow an attacker to abuse the PC Health Checkup feature to create symlinks, enabling modification of files and potentially leading to a denial-of-service. The vulnerability is related to errors in handling symbolic links in the Platinum Host Service (PtSvcHost.exe) of Trend Micro Security.

Recommendations For Trend Micro Security (Consumer) 2021, consider disabling the PC Health Checkup feature until a patch is available to prevent exploitation. Restrict access to the Platinum Host Service (PtSvcHost.exe) to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

BDU:2022-00107

CVE-2021-44023

ZDI-21-1536

Affected Products

Trend Micro Security

PT-2021-5668 · Trend Micro · Trend Micro Security

CVE-2021-44023

Weakness Enumeration

Related Identifiers

Affected Products

References · 6