CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10514 – Trend Micro Maximum Security ID_AMSP_MASTER Missing Impersonation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10514
30 Aug 2018 — A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de falta de suplantación y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instala... • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10513 – Trend Micro Maximum Security ID_AMSP_MASTER Deserialization of Untrusted Data Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10513
30 Aug 2018 — A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de deserialización de datos no fiables y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local esc... • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 2%CPEs: 9EXPL: 1CVE-2018-3608
https://notcve.org/view.php?id=CVE-2018-3608
06 Jul 2018 — A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. Una vulnerabilidad en el controlador UMH (User-Mode Hooking) en Trend Micro Maximum Security (Consumer) 2018 (en versiones 12.0.1191 y anteriores) podría permitir que un atacante cree un paquete especialmente man... • https://github.com/gguaiker/Trend_Micro_POC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6236 – Trend Micro Maximum Security tmusa Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6236
04 May 2018 — A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalado de privilegios por TOCTOU (Time-of-Check Time-of-Use) en Trend Micro Maximum Security... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6234 – Trend Micro Maximum Security tmnciesc Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-6234
06 Apr 2018 — An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de divulgación de información por lectura fuera de límites en Trend Micro Maximum S... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6233 – Trend Micro Maximum Security tmnciesc Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6233
06 Apr 2018 — A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalado de privilegios por desbordamiento de búfer en Trend Micro Maximum Security (Consumer) 20... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6235 – Trend Micro Maximum Security tmnciesc Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6235
06 Apr 2018 — An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalado de privilegios por escritura fuera de límites en Trend Micro Maximum Security (Cons... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6232 – Trend Micro Maximum Security tmnciesc Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-6232
06 Apr 2018 — A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalado de privilegios por desbordamiento de búfer en Trend Micro Maximum Security (Consumer) 20... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2017-16555
https://notcve.org/view.php?id=CVE-2017-16555
16 Jan 2018 — K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way. K7 Antivirus Premium en versiones anteriores a la 15.1.0.53 permite que usuarios locales obtengan privilegios mediante el envío de una llamada IOCTL específica tras configurar la memoria de una forma en particular. • https://support.k7computing.com/index.php?/selfhelp/view-article/3rd-Advisory-issued-on-6th-November-2017 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-16554
https://notcve.org/view.php?id=CVE-2017-16554
16 Jan 2018 — K7 Antivirus Premium before 15.1.0.53 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a specific set of IOCTL calls. K7 Antivirus Premium en versiones anteriores a la 15.1.0.53 permite que usuarios locales escriban en ubicaciones aleatorias de la memoria y, consecuentemente, obtengan privilegios mediante un conjunto específico de llamadas IOCTL. • https://support.k7computing.com/index.php?/selfhelp/view-article/Advisory-issued-on-6th-November-2017 • CWE-787: Out-of-bounds Write •