CVE-2016-3987
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
Date published : 2016-04-08
http://blog.trendmicro.com/information-on-reported-vulnerabilities-in-trend-micro-password-manager/