Google security researcher, Tavis Ormandy has found bugs in
Password Manager of global security software company, Trend Micro.
Password Manager is a component installed by default with
Trend Micro’s Premium Security and Maximum Security home products.
Ormandy informed Trend Micro about his findings on January
05.
The bug which is primarily written in JavaScript with
node.js could allow remote code execution by any website and steal all passwords
of a user. He also noted that it was also possible to bypass Internet
Explorer’s Mark of the web (MOTW) security feature and execute commands without
letting the victim receive any notification.
Ormandy took 30 seconds to identify an API that could be
leveraged for remote code execution (RCE). Overall, Ormandy found over 70 APIs exposed to the Internet.
Exploiting a vulnerability can give an attacker deep access
to a computer.
Several serious vulnerabilities have been found in the last
seven months in antivirus products from vendors including Kaspersky Lab, ESET,
Avast, AVG Technologies, Intel Security (formerly McAfee) and Malwarebytes.