Trendmicro Maximum Security 2021 vulnerabilities

CVE-2023-28929 [HIGH] CWE-427 CVE-2023-28929: Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started.

CVE-2021-44023 [HIGH] CWE-59 CVE-2021-44023: A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 f A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service.

CVE-2021-36744 [HIGH] CWE-59 CVE-2021-36744: Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability w Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a directory junction vulnerability which could allow an attacker to exploit the system to escalate privileges and create a denial of service.

CVE-2021-32460 [HIGH] CWE-732 CVE-2021-32460: The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access con The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability.

CVE-2021-25251 [HIGH] CWE-94 CVE-2021-25251: The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code inject The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.