CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2024-23940
https://notcve.org/view.php?id=CVE-2024-23940
29 Jan 2024 — Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. Trend Micro uiAirSupport, incluido en la familia de productos de consumo Trend Micro Security 2023, versión 6.0.2092 y anteriores, es vulnerable a una vulnerabilida... • https://helpcenter.trendmicro.com/en-us/article/tmka-12134 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42124 – Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42124
27 Sep 2023 — Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the sandbox feature. The issue results from incorrect authorization. • https://www.zerodayinitiative.com/advisories/ZDI-23-1474 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42125 – Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-42125
27 Sep 2023 — Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the sandbox feature. By creating a symbolic link, an attacker can abuse the service to create arbitrary namespace... • https://www.zerodayinitiative.com/advisories/ZDI-23-1475 • CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28965
https://notcve.org/view.php?id=CVE-2022-28965
20 May 2022 — Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. Múltiples vulnerabilidades de secuestro de DLL por medio de los componentes instup.exe y wsc_proxy.exe en Avast Premium Security versiones anteriores a v21.11.2500, permite a atacantes ejecutar código arbitrario o causar una Denegación de Servicio (DoS) por medio de un archivo ... • https://forum.avast.com/index.php?topic=318305.0 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-28964
https://notcve.org/view.php?id=CVE-2022-28964
20 May 2022 — An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. Una vulnerabilidad de escritura de archivos arbitrarios en Avast Premium Security versiones anteriores a 21.11.2500 (compilación 21.11.6809.528) permite a atacantes causar una Denegación de Servicio (DoS) por medio de un archivo DLL diseñado • https://forum.avast.com/index.php?topic=317641.0 • CWE-426: Untrusted Search Path •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-43772
https://notcve.org/view.php?id=CVE-2021-43772
03 Dec 2021 — Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. Trend Micro Security 2021 versión v17.0 (Consumer), contiene una vulnerabilidad que permite modificar los archivos dentro de la carpeta protegida sin ninguna detección • https://helpcenter.trendmicro.com/en-us/article/tmka-10855 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27241 – Avast Premium Security AvastSvc Directory Junction Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2021-27241
24 Feb 2021 — This vulnerability allows local attackers to delete arbitrary directories on affected installations of Avast Premium Security 20.8.2429 (Build 20.8.5653.561). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AvastSvc.exe module. By creating a directory junction, an attacker can abuse the service to delete a directory. An attacker can leverage this vulnerability to create a denial-of-servi... • https://www.zerodayinitiative.com/advisories/ZDI-21-208 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18894
https://notcve.org/view.php?id=CVE-2019-18894
13 Jan 2020 — In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox. En Avast Premium Security versión 19.8.2393, los atacantes pueden enviar una petición especi... • https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 4CVE-2018-18333
https://notcve.org/view.php?id=CVE-2018-18333
05 Feb 2019 — A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations. Una vulnerabilidad de secuestro de DLL en Trend Micro Security 2019 (Consumer), en versiones anteriores a la 15.0.0.1163, podría permitir a un atacante manipular un DLL específico y escalar privilegios en instalaciones vulnerables. • https://github.com/mrx04programmer/Dr.DLL-CVE-2018-18333 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10513 – Trend Micro Maximum Security ID_AMSP_MASTER Deserialization of Untrusted Data Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10513
30 Aug 2018 — A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de deserialización de datos no fiables y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local esc... • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx • CWE-502: Deserialization of Untrusted Data •