CVE-2021-25247: 
Trend Micro HouseCall for Home Networks vulnerability analysis and mitigation

A DLL hijacking vulnerability was discovered in Trend Micro HouseCall for Home Networks version 5.3.1063 and below. The vulnerability was disclosed on January 26, 2021, and assigned identifier CVE-2021-25247. This security flaw affects Microsoft Windows systems and received a CVSS v3.1 base score of 7.8 (HIGH) (NVD).

The vulnerability allows an attacker to use a malicious DLL to escalate privileges and perform arbitrary code execution. The issue has been classified as CWE-427 (Uncontrolled Search Path Element) according to the Common Weakness Enumeration system. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access required with low attack complexity (NVD).

If successfully exploited, this vulnerability could allow an attacker to escalate privileges and execute arbitrary code on the affected system. However, it's important to note that an attacker must already have user privileges on the machine to exploit this vulnerability (Trend Micro Advisory).

Trend Micro has released version 5.3.1179 of HouseCall for Home Networks to address this vulnerability. Users of affected versions are advised to upgrade to the patched version (Trend Micro Advisory).

The vulnerability was responsibly disclosed by security researcher Tuan Vu Pham (aka LangTuBongDem), a member of STeam, who worked with Trend Micro to help protect their customers (Trend Micro Advisory).