SB2021122904 - Multiple vulnerabilities in Trend Micro Worry-Free Business Security




Published: December 29, 2021 Updated: January 6, 2022

Security Bulletin ID: SB2021122904
Severity: Low
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Link following (CVE-ID: CVE-2021-44024)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link and overwrite arbitrary files with SYSTEM privileges.


2) Link following (CVE-ID: CVE-2021-45231)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link and overwrite arbitrary files with arbitrary content. Successful exploitation of the vulnerability may result in execution of arbitrary code with elevated privileges.


3) Execution with unnecessary privileges (CVE-ID: CVE-2021-45440)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to execution of code with unnecessary privileges. A local low-privileged user can run a specially crafted program to abuse an impersonation privilege and execute arbitrary code with elevated privileges.


4) Link following (CVE-ID: CVE-2021-45442)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure link following. A local user can create a specially crafted symbolic link and overwrite arbitrary files with SYSTEM privileges.

Remediation

Install update from vendor's website.