Trend Micro Worry-Free Business Security Local DoS via Symbolic Link (CVE-2021-45442)

CVE ID: CVE-2021-45442 CVSS Score: 6.1, AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Affected Vendors: Trend Micro Affected Products: Worry-Free Business Security Vulnerability Details: - Allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Worry-Free Business Security. - Exploitation requires the ability to execute low-privileged code on the target system. - Flaw exists within the Trend Micro Security Agent Listener service. - Attackers can create a symbolic link to overwrite a file and leverage this to create a denial-of-service condition. Additional Details: Trend Micro has issued an update to correct this vulnerability. More details can be found at: https://success.trendmicro.com/solution/000289996 Disclosure Timeline: - 2021-08-18: Vulnerability reported to vendor - 2022-01-06: Coordinated public release of advisory Credit: Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative

Goal Reached Thanks to every supporter — we hit 100%!

Trend Micro Worry-Free Business Security Local DoS via Symbolic Link (CVE-2021-45442)