TrendMicro Node.js HTTP Server Command Execution
Posted by deepcore on January 13, 2016 – 1:57 am
When you install TrendMicro Antivirus on Windows, by default a component called Password Manager is also installed and automatically launched on startup. This product is primarily written in JavaScript with node.js, and opens multiple HTTP RPC ports for handling API requests. It took about 30 seconds to spot one that permits arbitrary command execution, openUrlInDefaultBrowser, which eventually maps to ShellExecute().
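The issue above is a local HTTP RPC method whose argument reaches ShellExecute(). The following added example, which is not code from this post or from TrendMicro, shows checks a Node.js handler of that kind could apply before opening anything. The function names, the `x-rpc-token` header, and the port and token values are assumptions made for illustration.

```javascript
// Added example; all names are hypothetical, not TrendMicro's code.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Returns a normalized http(s) URL, or null if `raw` must not reach the
// OS "open" call (ShellExecute acts on whatever path or verb it is given).
function sanitizeBrowserUrl(raw) {
  if (typeof raw !== 'string' || raw.length === 0 || raw.length > 2048) return null;
  if (/[\u0000-\u0020\u007f]/.test(raw)) return null; // no control chars or spaces
  let parsed;
  try {
    parsed = new URL(raw); // throws on bare file names and relative paths
  } catch {
    return null;
  }
  // "C:\\path\\app.exe" parses with scheme "c:", so the allow-list rejects it.
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  if (!parsed.hostname || parsed.username || parsed.password) return null;
  return parsed.href;
}

// Comparison that always walks the full expected token.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < b.length; i++) {
    diff |= (a.charCodeAt(i % (a.length || 1)) || 0) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

// Decide whether an RPC request may open a URL. `headers` uses lower-case
// keys, as Node's http module provides them. Returns {status, url}.
function authorizeOpenUrl(headers, rawUrl, port, sessionToken) {
  const host = headers.host || '';
  // Exact Host match blocks DNS-rebinding names that resolve to 127.0.0.1.
  if (host !== `127.0.0.1:${port}` && host !== `localhost:${port}`) {
    return { status: 403, url: null };
  }
  // A browser-supplied Origin means a web page sent this; not every request
  // carries one, so the per-session token below is the real gate.
  if (headers.origin !== undefined) return { status: 403, url: null };
  if (!constantTimeEqual(String(headers['x-rpc-token'] || ''), sessionToken)) {
    return { status: 401, url: null };
  }
  const url = sanitizeBrowserUrl(rawUrl);
  return url ? { status: 200, url } : { status: 400, url: null };
}
```

Only a `status: 200` result should ever be passed on to the code that launches the browser; every other outcome is answered without touching the OS.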