CVE-2021-45442

January 14, 2022

A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Summary:

A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Reference Links(if available):

  • https://success.trendmicro.com/solution/000289996
  • https://www.zerodayinitiative.com/advisories/ZDI-22-015/

  • CVSS Score (if available)

    v2: / HIGH

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    CISA Logo

    CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

    April 19, 2024
    alerts

    Cryptographic Vulnerability in PuTTY

    April 19, 2024
    Basta

    Black Basta Ransomware Victim: fluenthome[.]com

    April 19, 2024
    Basta

    Black Basta Ransomware Victim: macphie[.]com

    April 19, 2024
    Basta

    Black Basta Ransomware Victim: columbiapipe[.]com

    April 19, 2024