Trend Micro HouseCall for Home Networks (versions below 5.3.0.1063) could be exploited via a DLL Hijack related to a vulnerability on the packer that the program uses.

Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature.

A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account.

Trend Micro Security (Consumer) 2020 (v16.x) is affected by a vulnerability in where null pointer dereference errors result in the crash of application, which could potentially lead to possible unsigned code execution under certain circumstances.

Trend Micro Security (Consumer) 2020 (v16.0.1221 and below) is affected by a DLL hijacking vulnerability that could allow an attacker to use a specific service as an execution and/or persistence mechanism which could execute a malicious program each time the service is started.

Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device.

A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.

Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to the IUSR account, which has restricted permission and is unable to make major system changes. An attempted attack requires user authentication.

Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.