CVE-2021-32462

EUVD-2021-19316
Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Hazardous Function Remote Code Execution vulnerability which could allow an unprivileged client to manipulate the registry and escalate privileges to SYSTEM on affected installations. Authentication is required to exploit this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
trendmicropassword_manager
𝑥
≤ 5.0.0.1217
𝑥
= Vulnerable software versions
References
https://helpcenter.trendmicro.com/en-us/article/TMKA-10388
https://www.zerodayinitiative.com/advisories/ZDI-21-774/
https://helpcenter.trendmicro.com/en-us/article/TMKA-10388
https://www.zerodayinitiative.com/advisories/ZDI-21-774/