CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6234 – Trend Micro Maximum Security tmnciesc Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-6234
06 Apr 2018 — An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de divulgación de información por lectura fuera de límites en Trend Micro Maximum S... • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5565
https://notcve.org/view.php?id=CVE-2017-5565
21 Mar 2017 — Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL und... • http://cybellum.com/doubleagent-taking-full-control-antivirus • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2016-1225
https://notcve.org/view.php?id=CVE-2016-1225
19 Jun 2016 — Trend Micro Internet Security 8 and 10 allows remote attackers to read arbitrary files via unspecified vectors. Trend Micro Internet Security 8 y 10 permite a atacantes remotos leer archivos arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN48789425/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1226
https://notcve.org/view.php?id=CVE-2016-1226
19 Jun 2016 — Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Trend Micro Internet Security 8 y 10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://jvn.jp/en/jp/JVN48789425/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2010-5179
https://notcve.org/view.php?id=CVE-2010-5179
25 Aug 2012 — Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a craf... • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 56%CPEs: 36EXPL: 0CVE-2012-1443
https://notcve.org/view.php?id=CVE-2012-1443
21 Mar 2012 — The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky An... • http://osvdb.org/80454 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.2EPSS: 91%CPEs: 35EXPL: 0CVE-2012-1459
https://notcve.org/view.php?id=CVE-2012-1459
21 Mar 2012 — The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, ... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1327
https://notcve.org/view.php?id=CVE-2011-1327
20 May 2011 — The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger. La funcionalidad Keystroke Encryption en Trend Micro Internet Security 2009 (también conocido cómo Virus Buster 2009 y PC-cillin 2009) no cifra completamente las contraseñas, lo que permite a usuarios localtes obtener información sensible aprovechándose de un "keylogger" • http://esupport.trendmicro.co.jp/Pages/JP-2079186.aspx • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 76%CPEs: 1EXPL: 1CVE-2010-3189 – Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-3189
31 Aug 2010 — The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. La función extSetOwner en el control ActiveX UfProxyBrowserCtrl (UfPBCtrl.dll) en Trend Micro Internet Security Pro 2010 permite a atacantes remotos ejecutar código de su elección a través de una dirección no válida que es desreferenciada como puntero. • https://www.exploit-db.com/exploits/15168 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 3CVE-2009-0686 – Trend Micro Internet Security Pro 2009 - Priviliege Escalation
https://notcve.org/view.php?id=CVE-2009-0686
01 Apr 2009 — The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in Trend Micro Internet Pro 2008 and 2009, and Security Pro 2008 and 2009, allows local users to gain privileges via a crafted IRP in a METHOD_NEITHER IOCTL request to \Device\tmactmon that overwrites memory. Activity Monitor Module de TrendMicro (tmactmon.sys) versión 2.52.0.1002 en Internet Pro 2008 y 2009, y Security Pro 2008 y 2009 de Trend Micro, permite a los usuarios locales alcanzar privilegios por medio de un IRP diseñado en una peti... • https://www.exploit-db.com/exploits/8322 • CWE-399: Resource Management Errors •