13 matches found
CVE-2024-23940
Trend Micro uiAirSupport (Trend Micro Security 2023 family) is affected for version 6.0.2092 and below. The vulnerability is described as a DLL hijacking/proxying issue that could let an attacker impersonate/modify a library, run code on the system, and escalate privileges. Impact is described as...
CVE-2018-10514
CVE-2018-10514 affects Trend Micro Security 2018 (Consumer) products. The vulnerability arises from the coreServiceShell service failing to properly impersonate the client before performing sensitive operations, enabling a local attacker who can run low-privilege code to escalate privileges (to S...
CVE-2018-3608
CVE-2018-3608 affects Trend Micro Maximum Security (Consumer) for 2018, specifically affected versions 12.0.1191 and below. The vulnerability resides in the User-Mode Hooking (UMH) driver and could allow a crafted network packet to cause code to be injected into other processes on a vulnerable sy...
CVE-2018-6232
Trend Micro Maximum Security uses a vulnerable tmnciesc.sys driver where the root cause is a buffer overflow in processing IOCTL 0x22205C. This local-privilege-escalation flaw allows an attacker who can run low-privilege code to write past the end of an allocated buffer, enabling privilege escala...
CVE-2018-6236
CVE-2018-6236 affects Trend Micro Maximum Security (Consumer) 2018. The vulnerability is a local privilege-escalation flaw in the tmusa driver, triggered by processing IOCTL 0x222813, due to a TOCTOU race condition in user-supplied data. An attacker who can execute low-privilege code can escalate...
CVE-2018-10513
The connected ZDI advisory ZDI-18-961 details a local privilege‑escalation vulnerability in Trend Micro products (e.g., Trend Micro Maximum Security) involving deserialization of untrusted data in ID_AMSP_MASTER requests. The flaw occurs in the coreServiceShell.exe service process when parsing re...
CVE-2017-5565
CVE-2017-5565 affects Trend Micro products (Maximum Security, Internet Security, Antivirus+ Security 11.0 and earlier) and is a local code-injection vulnerability. The root cause described across sources is that an attacker can abuse Microsoft Application Verifier by inserting a DLL via Image Fil...
CVE-2018-6234
CVE-2018-6234 affects Trend Micro Maximum Security (Consumer) 2018. It describes an Out-of-Bounds Read Information Disclosure in the tmnciesc.sys driver, arising from improper handling of IOCTL 0x222814. A local attacker who can run low-privilege code can disclose sensitive information on the tar...
CVE-2018-6235
Trend Micro Maximum Security (Consumer) 2018 is affected by an Out-of-Bounds write privilege escalation in the tmnciesc.sys driver, caused by improper handling of IOCTL 0x222814. An attacker who can run low-privilege code locally can exploit this to escalate privileges on the target system. Affec...
CVE-2018-18333
Summary (CVE-2018-18333) : A DLL hijacking vulnerability affects Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below. The issue allows an attacker to manipulate a specific DLL, resulting in privilege escalation on vulnerable installations. The existing sources describe the a...
CVE-2018-6233
CVE-2018-6233 describes a local privilege-escalation in Trend Micro Maximum Security (Consumer) 2018. The root cause is a buffer overflow in the tmnciesc.sys driver when processing IOCTL 0x222060, which can allow a local attacker who can execute low-privilege code to escalate privileges. Public s...
CVE-2021-43772
Trend Micro Security 2021 family (Consumer) Product: Trend Micro Security 2021 v17.0 (Consumer). Vulnerability: A security feature issue in Folder Shield allows a local user to modify files inside a Folder Shield–protected folder without detection, potentially bypassing protections and compromisi...
CVE-2018-15363
An advisory for CVE-2018-15363 describes an Out-of-Bounds Read Privilege Escalation in Trend Micro Security 2018 (Consumer) products. The vulnerability stems from lack of proper validation of user-supplied data in coreServiceShell.exe (ID_AMSP_MASTER path) processing of request ID 0x2002, allowin...