CVE-2021-32460
Description
The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note than an attacker must already have local user privileges and access on the machine to exploit this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Trend Micro Maximum Security 2021 installer has improper access control allowing local privilege escalation to SYSTEM.
Vulnerability
The Trend Micro Maximum Security 2021 (v17) consumer product installer packages released before May 20, 2021 [2] contain an improper access control vulnerability. The product sets incorrect permissions on a sensitive file within the Maximum Security console [1].
Exploitation
An attacker must already have local user privileges and access to the target machine [description]. They need the ability to execute low-privileged code on the system [1]. By leveraging the incorrect file permissions, the attacker can escalate privileges.
Impact
Successful exploitation allows the attacker to escalate privileges and execute arbitrary code in the context of SYSTEM [1]. This results in full compromise of confidentiality, integrity, and availability (CVSS 7.8, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) [2].
Mitigation
Trend Micro released updated installer packages on May 20, 2021 [2]. Users should download the latest installer from Trend Micro. No workarounds are available, and no active exploitation has been reported [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = v17
- Range: 2021 (v17)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- helpcenter.trendmicro.com/en-us/article/TMKA-10336mitrex_refsource_MISC
- www.zerodayinitiative.com/advisories/ZDI-21-603/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.