SB2021072812 - Multiple vulnerabilities in Trend Micro Worry-Free Business Security

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Arbitrary file upload (CVE-ID: CVE-2021-36741)

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload within the product’s management console . A remote user can upload a malicious file and execute it on the server.

Note, the vulnerability is being actively exploited in the wild.

2) Buffer overflow (CVE-ID: CVE-2021-36742)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local user can run a specially crafted program to trigger memory corruption and execute arability code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

References

• https://success.trendmicro.com/solution/000287820"
• https://success.trendmicro.com/solution/000287820</a></p><p>
• https://files.trendmicro.com/documentation/wfbs/10.0/WFBS_100_SP1_WIN_ALL_Patch_2329.txt</p><p><br></p>