CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14685 – Trend Maximum Security 2019 Unquoted Search Path
https://notcve.org/view.php?id=CVE-2019-14685
21 Aug 2019 — A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service. Existe una vulnerabilidad de escalada de privilegios locales en Trend Micro Security 2019 (v15.0) en la que, si se explota, permitiría a un atacante manipular una característica específica del producto para cargar un servicio malicioso. Trend Maximum Security 2019 suffers from an unquoted search path vulne... • http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 4CVE-2018-18333
https://notcve.org/view.php?id=CVE-2018-18333
05 Feb 2019 — A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations. Una vulnerabilidad de secuestro de DLL en Trend Micro Security 2019 (Consumer), en versiones anteriores a la 15.0.0.1163, podría permitir a un atacante manipular un DLL específico y escalar privilegios en instalaciones vulnerables. • https://github.com/mrx04programmer/Dr.DLL-CVE-2018-18333 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10513 – Trend Micro Maximum Security ID_AMSP_MASTER Deserialization of Untrusted Data Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10513
30 Aug 2018 — A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de deserialización de datos no fiables y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local esc... • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10514 – Trend Micro Maximum Security ID_AMSP_MASTER Missing Impersonation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10514
30 Aug 2018 — A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de falta de suplantación y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instala... • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-15363 – Trend Micro Maximum Security ID_AMSP_MASTER Out-Of-Bounds Read Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-15363
30 Aug 2018 — An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de lectura fuera de límites y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instal... • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 3%CPEs: 9EXPL: 1CVE-2018-3608
https://notcve.org/view.php?id=CVE-2018-3608
06 Jul 2018 — A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. Una vulnerabilidad en el controlador UMH (User-Mode Hooking) en Trend Micro Maximum Security (Consumer) 2018 (en versiones 12.0.1191 y anteriores) podría permitir que un atacante cree un paquete especialmente man... • https://github.com/gguaiker/Trend_Micro_POC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6236 – Trend Micro Maximum Security tmusa Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6236
04 May 2018 — A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalado de privilegios por TOCTOU (Time-of-Check Time-of-Use) en Trend Micro Maximum Security... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6233 – Trend Micro Maximum Security tmnciesc Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6233
06 Apr 2018 — A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalado de privilegios por desbordamiento de búfer en Trend Micro Maximum Security (Consumer) 20... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6235 – Trend Micro Maximum Security tmnciesc Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6235
06 Apr 2018 — An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalado de privilegios por escritura fuera de límites en Trend Micro Maximum Security (Cons... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6232 – Trend Micro Maximum Security tmnciesc Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6232
06 Apr 2018 — A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalado de privilegios por desbordamiento de búfer en Trend Micro Maximum Security (Consumer) 20... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •