CVE-2021-42012: 
Trend Micro Apex One Agent vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability was discovered in Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security 10.0 SP1. The vulnerability was assigned CVE-2021-42012 and was disclosed on October 19, 2021. This security flaw affects the Trend Micro Security Server Database Service component (ZDI Advisory).

The vulnerability stems from the lack of proper validation of user-supplied data length before copying it to a stack-based buffer in the Trend Micro Security Server Database Service. The issue has been assigned a CVSS v3 base score of 7.8 (High), with the following vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability requires local access, low attack complexity, low privileges, and no user interaction to exploit (ZDI Advisory).

If successfully exploited, this vulnerability allows an attacker to escalate privileges and execute arbitrary code in the context of SYSTEM on affected systems. This means an attacker could gain complete control over the affected system, potentially compromising confidentiality, integrity, and availability of the system (ZDI Advisory).

Trend Micro has issued an update to correct this vulnerability. Users of affected products should apply the security updates provided by Trend Micro to protect their systems (ZDI Advisory).