
Rewterz Threat Advisory – Multiple Vulnerabilities in Trend Micro Password Manager

Severity

High

Analysis Summary

CVE-2021-32461

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Password Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Central Control Service. The issue results from the lack of proper validation of user-supplied data, which can result in an integer truncation before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
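The bug class named above, integer truncation before a buffer allocation, shown as an added generic C example; it is not Trend Micro's code and does not reproduce the Central Control Service. The request layout (a 32-bit length followed by payload bytes), the function names and `MAX_PAYLOAD` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAYLOAD 4096u   /* assumed upper bound for one request */

/* Weak pattern: a 32-bit length taken from the request is narrowed to 16
 * bits before sizing the buffer. Returns the size that would be allocated;
 * no copy is performed here. */
size_t alloc_size_truncating(uint32_t claimed_len)
{
    uint16_t n = (uint16_t)claimed_len;   /* 0x00010010 becomes 0x0010 */
    return (size_t)n;
}

/* Hardened pattern: keep the length at full width, bound it, and check it
 * against the bytes actually received before allocating and copying.
 * Returns 0 on success, -1 on rejection. The caller frees *out. */
int copy_payload_checked(const uint8_t *msg, size_t msg_len,
                         uint8_t **out, size_t *out_len)
{
    uint32_t claimed;

    if (!msg || !out || !out_len || msg_len < sizeof claimed)
        return -1;
    memcpy(&claimed, msg, sizeof claimed);          /* host byte order assumed */
    if (claimed == 0 || claimed > MAX_PAYLOAD)
        return -1;                                  /* length out of range */
    if ((size_t)claimed > msg_len - sizeof claimed)
        return -1;                                  /* more than was received */

    uint8_t *buf = malloc(claimed);
    if (!buf)
        return -1;
    memcpy(buf, msg + sizeof claimed, claimed);
    *out = buf;
    *out_len = claimed;
    return 0;
}

int main(void)
{
    uint32_t claimed = 0x00010010u;                 /* constructed sample */
    printf("claimed %u bytes, truncated allocation %zu bytes\n",
           (unsigned)claimed, alloc_size_truncating(claimed));
    return 0;
}
```

The mismatch between the claimed length and the truncated allocation size is what the validation in the second function removes.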

CVE-2021-32462

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Password Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the Trend Micro Password Manager Central Control Service. The issue results from the exposure of a dangerous method or function to unprivileged users. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

Impact

  • Privilege Escalation
  • Code Execution

Affected Vendors

Trend Micro

Affected Products

Password Manager 5.0.0.1217 and below

Remediation

Apply the latest patches released by Trend Micro at

https://helpcenter.trendmicro.com/en-us/article/TMKA-10388