Trend Micro has patched a couple of security flaws in its Password Manager credential management product that gave attackers a way to escalate privileges and gain persistence on systems running the software.
In a security advisory Wednesday, the security vendor described the issue as involving two DLL hijacking vulnerabilities in the company's stand-alone version of the product and the version that comes integrated with the latest version of its anti-malware suite.
One of the now-patched vulnerabilities (CVE-2019-14684) would have allowed an attacker to load an arbitrary file with malicious code into the password manager. The other separate but similar vulnerability (CVE-2019-14687), also allowed attackers to load malicious code but using a different DLL.
The flaws existed in Trend Micro's 2019 versions of Password Manager, Maximum Security, and Premium ..