CVE-2021-32461

7.8 HIGH

📋 TL;DR

This vulnerability allows a local attacker with low-privileged code execution to trigger a buffer overflow via integer truncation, leading to privilege escalation on affected Trend Micro Password Manager installations. It affects consumer versions 5.0.0.1217 and below. Attackers must already have some foothold on the system to exploit this.

💻 Affected Systems

Products:
  • Trend Micro Password Manager (Consumer)
Versions: 5.0.0.1217 and below
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects consumer edition; enterprise/business editions may have different codebase.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges, allowing installation of malware, data theft, and persistence mechanisms.

🟠 Likely Case

Local privilege escalation from standard user to SYSTEM/administrator level, enabling lateral movement and credential harvesting.

🟢 If Mitigated

Limited impact if proper endpoint protection and least privilege principles are enforced, though local code execution could still lead to data exposure.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing local access, not remotely exploitable.
🏢 Internal Only: HIGH - Once an attacker gains initial access to a workstation, this vulnerability enables full system compromise and lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local code execution first; ZDI advisory suggests reliable exploitation but no public PoC available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.0.1218 or later

Vendor Advisory: https://helpcenter.trendmicro.com/en-us/article/TMKA-10388

Restart Required: Yes

Instructions:

1. Open Trend Micro Password Manager.
2. Check for updates in settings.
3. Install the update to version 5.0.0.1218 or later.
4. Restart the computer if prompted.

🔧 Temporary Workarounds

Uninstall vulnerable software (Windows)

Remove Trend Micro Password Manager if it is not essential:

Control Panel > Programs > Uninstall a program > Select Trend Micro Password Manager > Uninstall

Restrict local user privileges (Windows)

Implement least privilege to limit the impact of local code execution.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized local code execution
  • Deploy endpoint detection and response (EDR) to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check installed version of Trend Micro Password Manager in Control Panel > Programs

Check Version:

wmic product where "name='Trend Micro Password Manager'" get version

Verify Fix Applied:

Verify version is 5.0.0.1218 or higher after update
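An added version check (not from the advisory or the vendor) that reads the installed build from the Windows Uninstall registry keys and compares it as a [version] object against the fixed build 5.0.0.1218, so that a build such as 5.0.0.999 is correctly ranked below 5.0.0.1218 rather than above it by string order. It assumes the product's DisplayName begins with "Trend Micro Password Manager"; unlike `wmic product`, it does not trigger an MSI consistency check of every installed package.

```powershell
# Added example, not part of the advisory: check whether the installed
# Trend Micro Password Manager build is below the first fixed version.
# Assumption: the Uninstall entry's DisplayName starts with the product name.

$FixedVersion = [version]'5.0.0.1218'          # first fixed build per the advisory
$NamePattern  = 'Trend Micro Password Manager*' # assumed DisplayName prefix

# Both 64-bit and 32-bit (WOW6432Node) uninstall hives are inspected.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-PasswordManagerPatched {
    $Installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern -and $_.DisplayVersion }

    if (-not $Installed) {
        Write-Output 'NOT INSTALLED: no matching entry found in the Uninstall keys.'
        return
    }

    foreach ($Entry in $Installed) {
        # [version] compares component by component (5.0.0.999 < 5.0.0.1218);
        # a plain string comparison would get this ordering wrong.
        try {
            $Current = [version]$Entry.DisplayVersion
        } catch {
            Write-Output "UNKNOWN: '$($Entry.DisplayName)' has unparseable version '$($Entry.DisplayVersion)'"
            continue
        }

        if ($Current -lt $FixedVersion) {
            Write-Output "VULNERABLE: $($Entry.DisplayName) $Current is below $FixedVersion (CVE-2021-32461); update required"
        } else {
            Write-Output "PATCHED: $($Entry.DisplayName) $Current is $FixedVersion or later"
        }
    }
}

Test-PasswordManagerPatched
```

Run it from an elevated PowerShell session on each workstation, or push it through your management tooling, and treat any VULNERABLE line as an open finding until the 5.0.0.1218 update is confirmed.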

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Trend Micro Password Manager components
  • Failed privilege escalation attempts in Windows Event Logs

Network Indicators:

  • None - local exploitation only

SIEM Query:

EventID=4688 AND ProcessName LIKE "%Trend Micro Password Manager%" AND (NewProcessName LIKE "%\cmd.exe" OR NewProcessName LIKE "%\powershell.exe")
