CVE-2024-23940
https://notcve.org/view.php?id=CVE-2024-23940
Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. Trend Micro uiAirSupport, incluido en la familia de productos de consumo Trend Micro Security 2023, versión 6.0.2092 y anteriores, es vulnerable a una vulnerabilidad de secuestro/proxy de DLL que, si se explota, podría permitir a un atacante hacerse pasar por una librería y modificarla para ejecutar código en el sistema y, en última instancia, escalar privilegios en un sistema afectado. • https://helpcenter.trendmicro.com/en-us/article/tmka-12134 https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132 https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1 • CWE-427: Uncontrolled Search Path Element •