TrendMicro node.js HTTP Server Remote Code Execution Exploit

The Password Manager component installed by various Trend Micro products runs a Node.js HTTP server by default. This web server opens multiple HTTP RPC ports for handling API requests. For example, the openUrlInDefaultBrowser API function, which internally maps to a ShellExecute function call, allows and attacker to execute arbitrary commands on localhost without the need of any type of credentials.
Exploit type: 
Platform: 
Vulnerabilty ID: 
NOCVE-9999-74958
Product Version: 
2016_R1
Released Date: 
Tuesday, April 19, 2016 - 00:00