The Password Manager component installed by various Trend Micro products runs a Node.js HTTP server by default. This web server opens multiple HTTP RPC ports for handling API requests. For example, the openUrlInDefaultBrowser API function, which internally maps to a ShellExecute function call, allows and attacker to execute arbitrary commands on localhost without the need of any type of credentials. This module will wait for a vulnerable target to connect and deploy an agent by abusing the mentioned API functionallity provided by the vulnerable component.
CVE Link
Exploit Platform
Exploit Type
Product Name