Risk | High |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2021-32461 CVE-2021-32462 |
CWE-ID | CWE-190 CWE-749 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Password Manager for Windows Client/Desktop applications / Other client software |
Vendor | Trend Micro |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU54422
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32461
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer truncation vulnerability. A local user can trigger buffer overflow and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsPassword Manager for Windows: 3.8.0.1103 - 5.0.1058
External linkshttp://helpcenter.trendmicro.com/en-us/article/TMKA-10388
http://www.zerodayinitiative.com/advisories/ZDI-21-773/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU54423
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32462
CWE-ID:
CWE-749 - Exposed Dangerous Method or Function
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the affected system.
the vulnerability exists due to exposure of dangerous function. A remote client can manipulate the registry and escalate privileges to SYSTEM on the affected installations.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPassword Manager for Windows: 3.8.0.1103 - 5.0.1058
External linkshttp://helpcenter.trendmicro.com/en-us/article/TMKA-10388
http://www.zerodayinitiative.com/advisories/ZDI-21-774/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.