Categories
privacy security

TrendMicro software allows arbitrary command execution

Also mentioned here, the reported anti-virus software is so full of holes that it should strike fear in any company using TrendMicro Antivirus right now. Not only does it allow privileged command execution, it also exposes passwords that you store using the Password Manager.

The way I see it, it’s a combination of incompetence and lack of proper supervisory oversight. It’s exactly the kind of thing that will result if you ask a developer to just meet the specs, where the specs doesn’t talk about hygiene factors such as security etc.

Source: Issue 693 – google-security-research – TrendMicro node.js HTTP server listening on localhost can execute commands – Google Security Research – Google Project Hosting