Trend Micro Multiple Products Local Insecure Permissions Vulnerability

Trend Micro Multiple Products Local Insecure Permissions Vulnerability

Multiple Trend Micro products are susceptible to a local insecure-permissions vulnerability. This issue is due to the applications' failure to ensure that secure permissions are applied to their application and data files.

This issue allows local unprivileged attackers to disable the security features of the affected application, aiding them in further attacks. Attackers may also overwrite arbitrary binaries that will subsequently be executed with SYSTEM-level privileges facilitating the complete compromise of affected computers.

Trend Micro PC-Cillin Internet Security versions 2005 (12.00.1244), 14 (14.00.1485) and 2006 (14.10.0.1023) are affected. Trend Micro InterScan Messaging Security Suite (IMSS) version 5.5 build 1183 is also affected. Other products and versions may also be affected.