CVE-2021-25247

7.8 HIGH

📋 TL;DR

A DLL hijacking vulnerability in Trend Micro HouseCall for Home Networks allows local attackers to escalate privileges and execute arbitrary code by placing a malicious DLL in a location the application searches. This affects users with local access to systems running vulnerable versions. Attackers need existing user privileges to exploit this vulnerability.

💻 Affected Systems

Products:
  • Trend Micro HouseCall for Home Networks
Versions: 5.3.1063 and below
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Windows OS and local user access to place malicious DLL in application search path.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges, allowing installation of persistent malware, data theft, and lateral movement.

🟠 Likely Case

Local privilege escalation leading to unauthorized administrative access on the affected machine.

🟢 If Mitigated

Limited impact when proper access controls prevent local user access or when DLL execution restrictions are in place.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network.
🏢 Internal Only: HIGH - Local attackers or malware with user privileges can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local user privileges and ability to place DLL in specific directory. DLL hijacking is a well-known technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.3.1064 or later

Vendor Advisory: https://helpcenter.trendmicro.com/en-us/article/TMKA-10180

Restart Required: Yes

Instructions:

1. Download latest version from Trend Micro website.
2. Run installer to update.
3. Restart system to ensure changes take effect.

🔧 Temporary Workarounds

Restrict DLL loading from untrusted directories

Platform: Windows

Use Windows policies to restrict DLL loading from user-writable directories

Configure Windows AppLocker or Software Restriction Policies

Remove unnecessary user privileges

Platform: Windows

Limit local user permissions to prevent DLL placement in application directories

Use Windows Group Policy to restrict write access to program directories

🧯 If You Can't Patch

  • Uninstall Trend Micro HouseCall for Home Networks if not required
  • Implement strict access controls to prevent local users from writing to application directories

🔍 How to Verify

Check if Vulnerable:

Check Help > About in HouseCall application for version number. If version is 5.3.1063 or below, system is vulnerable.

Check Version:

Not applicable - check via application GUI

Verify Fix Applied:

Verify version is 5.3.1064 or higher in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing DLL loading from unusual locations
  • Process creation events from HouseCall with unexpected parent processes

Network Indicators:

  • Unusual outbound connections from HouseCall process

SIEM Query:

Process creation where (parent_process contains 'housecall' OR image contains 'housecall') AND command_line contains '.dll'
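
The first log indicator above, DLL loading from unusual locations, can be checked against image-load telemetry. The following is an added example, not part of the original advisory or of Trend Micro's tooling; it assumes events exported as dictionaries using Sysmon Event ID 7 field names (Image, ImageLoaded, Signed), and the trusted-directory list, file names and paths are constructed for illustration.

```python
import ntpath

# Assumption: directories a standard user cannot write to on a default install.
TRUSTED_ROOTS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs",
                 r"c:\program files", r"c:\program files (x86)")

def under(path, root):
    """True if path lies inside root (root already lowercase and normalized)."""
    p = ntpath.normcase(ntpath.normpath(path))  # lowercases, collapses '..'
    return p == root or p.startswith(root + "\\")

def suspicious_loads(events, process_hint="housecall"):
    """Flag DLL loads by the hinted process from outside trusted directories,
    and unsigned DLLs loaded from the executable's own folder."""
    hits = []
    for ev in events:
        image, dll = ev.get("Image", ""), ev.get("ImageLoaded", "")
        if process_hint not in image.lower():
            continue  # same substring match as the page's SIEM query
        exe_dir = ntpath.normcase(ntpath.dirname(ntpath.normpath(image)))
        unsigned = str(ev.get("Signed", "false")).lower() != "true"
        if not any(under(dll, root) for root in TRUSTED_ROOTS):
            hits.append((dll, "loaded from outside trusted directories"))
        elif unsigned and under(dll, exe_dir):
            hits.append((dll, "unsigned DLL beside the executable"))
    return hits

# Constructed sample events (hypothetical file names and paths).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\housecall_sample.exe",
     "ImageLoaded": r"C:\Windows\System32\example.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\Downloads\housecall_sample.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\example.dll", "Signed": "false"},
    {"Image": r"C:\Program Files\Example\housecall_sample.exe",
     "ImageLoaded": r"C:\Program Files\Example\helper.dll", "Signed": "false"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\x.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for dll, reason in suspicious_loads(SAMPLE_EVENTS):
        print(f"{reason}: {dll}")
```

Paths are normalized before comparison, so a load path that uses `..` to step out of a trusted directory is still reported.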
