CVE-2016-3987

CRITICAL

Trend Micro Password Manager - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3987. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit leverages an arbitrary command execution vulnerability in Trend Micro Maximum Security 10's Password Manager component via an exposed HTTP RPC endpoint. It uses JavaScript to send a crafted request to the local API, bypassing same-origin policy to execute commands via `ShellExecute()`.

Description

The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · html · remote · windows
https://www.exploit-db.com/exploits/39218

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Trend Micro Maximum Security 10 (Password Manager component)
No auth needed
Prerequisites: Trend Micro Maximum Security 10 installed with Password Manager enabled · Victim visits a malicious webpage or executes the provided JavaScript
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39218/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034662

Scores

CVSS v3 9.8
EPSS 0.4315
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-284
Status: published
Products (1): trendmicro/password_manager
Published: Apr 12, 2016
Tracked Since: Feb 18, 2026