Trend Micro password manager had remote command execution holes and dumped data to anyone
January 12, 2016 – 5:42 AM
Google’s Project Zero security team found that a password management tool installed by default alongside Trend Micro AntiVirus was vulnerable to remote code execution.
“It’s even possible to bypass MOTW [Mark of the Web], and spawn commands without any prompts whatsoever.”
According to the security researcher, even after Trend Micro issued an initial fix, the product still exposed nearly 70 API calls to the internet.
“I happened to notice that the /api/showSB endpoint will spawn an ancient build of Chromium (version 41) with --disable-sandbox. To add insult to injury, they append ‘(Secure Browser)’ to the UserAgent,” Ormandy said.