Memory Exhaustion Vulnerability in Trend Micro Virus Scan API and Advanced Threat Scan Engine
CVE-2021-25252

5.5MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Virus Scan Api (vSAPi) Engine
Vendor: CVE Published:; 3 March 2021

Summary

The Virus Scan API and Advanced Threat Scan Engine by Trend Micro are susceptible to a memory exhaustion vulnerability. When exploited, an attacker can craft a malicious file that leads to system freeze or denial-of-service, severely disrupting operations. Organizations using these products are advised to assess their systems for this vulnerability and implement necessary safeguards to prevent potential exploitation.

Affected Version(s)

Trend Micro Virus Scan API (VSAPI) Engine 12.0

References

https://success.trendmicro.com/solution/000285675

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 3, 2021
Vulnerability Reserved
Jan 15, 2021