Integer Truncation Privilege Escalation in Trend Micro Password Manager
CVE-2021-32461

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Password Manager
Vendor: CVE Published:; 8 July 2021

Summary

The Trend Micro Password Manager (Consumer) versions up to 5.0.0.1217 are susceptible to an Integer Truncation vulnerability that can lead to privilege escalation. This vulnerability allows a local attacker with the ability to execute low-privileged code to exploit the system. By triggering a buffer overflow, the attacker may gain elevated privileges, potentially compromising sensitive information within the affected installations. It is crucial for users to ensure their software is updated to mitigate this risk.

Affected Version(s)

Trend Micro Password Manager 5.0.0.1217 and below

References

https://helpcenter.trendmicro.com/en-us/article/TMKA-10388

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-773/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 8, 2021
Vulnerability Reserved
May 7, 2021