17 matches found
CVE-2024-23940
Trend Micro uiAirSupport (Trend Micro Security 2023 family) is affected for version 6.0.2092 and below. The vulnerability is described as a DLL hijacking/proxying issue that could let an attacker impersonate/modify a library, run code on the system, and escalate privileges. Impact is described as...
CVE-2018-10514
CVE-2018-10514 affects Trend Micro Security 2018 (Consumer) products. The vulnerability arises from the coreServiceShell service failing to properly impersonate the client before performing sensitive operations, enabling a local attacker who can run low-privilege code to escalate privileges (to S...
CVE-2018-3608
CVE-2018-3608 affects Trend Micro Maximum Security (Consumer) for 2018, specifically affected versions 12.0.1191 and below. The vulnerability resides in the User-Mode Hooking (UMH) driver and could allow a crafted network packet to cause code to be injected into other processes on a vulnerable sy...
CVE-2010-3189
CVE-2010-3189 affects Trend Micro Internet Security Pro 2010, via the UfProxyBrowserCtrl ActiveX extSetOwner() in UfPBCtrl.dll. The vulnerability allows remote code execution when an attacker entices a user to view a crafted HTML document; an invalid address is dereferenced as a pointer, enabling...
CVE-2018-6232
Trend Micro Maximum Security uses a vulnerable tmnciesc.sys driver where the root cause is a buffer overflow in processing IOCTL 0x22205C. This local-privilege-escalation flaw allows an attacker who can run low-privilege code to write past the end of an allocated buffer, enabling privilege escala...
CVE-2018-6236
CVE-2018-6236 affects Trend Micro Maximum Security (Consumer) 2018. The vulnerability is a local privilege-escalation flaw in the tmusa driver, triggered by processing IOCTL 0x222813, due to a TOCTOU race condition in user-supplied data. An attacker who can execute low-privilege code can escalate...
CVE-2016-1225
CVE-2016-1225 affects Trend Micro Internet Security 8 and 10. The connected sources describe an access-restriction vulnerability that allows a remote attacker to obtain access to files on the device (read arbitrary files) via networked vectors, with the impact described primarily as confidentiali...
CVE-2018-6235
Trend Micro Maximum Security (Consumer) 2018 is affected by an Out-of-Bounds write privilege escalation in the tmnciesc.sys driver, caused by improper handling of IOCTL 0x222814. An attacker who can run low-privilege code locally can exploit this to escalate privileges on the target system. Affec...
CVE-2016-1226
CVE-2016-1226 affects Trend Micro Internet Security 8 and 10 and is described as a Cross-site scripting (XSS) vulnerability allowing remote attackers to inject arbitrary script or HTML via unspecified vectors. Connected sources (e.g., JVN and OpenVAS entries) confirm an Arbitrary Script Execution...
CVE-2009-0686
CVE-2009-0686 affects Trend Micro Internet Security Pro (2008/2009) and Internet Pro/Security Pro lines. The IOCTL handler in tmactmon.sys (2.52.0.1002) uses METHOD_NEITHER and does not properly validate IRP buffer data, allowing a local user to gain SYSTEM privileges via a crafted IRP to \Device...
CVE-2017-5565
CVE-2017-5565 affects Trend Micro products (Maximum Security, Internet Security, Antivirus+ Security 11.0 and earlier) and is a local code-injection vulnerability. The root cause described across sources is that an attacker can abuse Microsoft Application Verifier by inserting a DLL via Image Fil...
CVE-2018-10513
The connected ZDI advisory ZDI-18-961 details a local privilege‑escalation vulnerability in Trend Micro products (e.g., Trend Micro Maximum Security) involving deserialization of untrusted data in ID_AMSP_MASTER requests. The flaw occurs in the coreServiceShell.exe service process when parsing re...
CVE-2018-18333
Summary (CVE-2018-18333) : A DLL hijacking vulnerability affects Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below. The issue allows an attacker to manipulate a specific DLL, resulting in privilege escalation on vulnerable installations. The existing sources describe the a...
CVE-2018-6233
CVE-2018-6233 describes a local privilege-escalation in Trend Micro Maximum Security (Consumer) 2018. The root cause is a buffer overflow in the tmnciesc.sys driver when processing IOCTL 0x222060, which can allow a local attacker who can execute low-privilege code to escalate privileges. Public s...
CVE-2018-6234
CVE-2018-6234 affects Trend Micro Maximum Security (Consumer) 2018. It describes an Out-of-Bounds Read Information Disclosure in the tmnciesc.sys driver, arising from improper handling of IOCTL 0x222814. A local attacker who can run low-privilege code can disclose sensitive information on the tar...
CVE-2018-15363
An advisory for CVE-2018-15363 describes an Out-of-Bounds Read Privilege Escalation in Trend Micro Security 2018 (Consumer) products. The vulnerability stems from lack of proper validation of user-supplied data in coreServiceShell.exe (ID_AMSP_MASTER path) processing of request ID 0x2002, allowin...
CVE-2021-43772
Trend Micro Security 2021 family (Consumer) Product: Trend Micro Security 2021 v17.0 (Consumer). Vulnerability: A security feature issue in Folder Shield allows a local user to modify files inside a Folder Shield–protected folder without detection, potentially bypassing protections and compromisi...