CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-14685
https://notcve.org/view.php?id=CVE-2019-14685
A local privilege escalation vulnerability exists in Trend Micro Security 2019 (v15.0) in which, if exploited, would allow an attacker to manipulate a specific product feature to load a malicious service. Existe una vulnerabilidad de escalada de privilegios locales en Trend Micro Security 2019 (v15.0) en la que, si se explota, permitiría a un atacante manipular una característica específica del producto para cargar un servicio malicioso. • http://packetstormsecurity.com/files/154200/Trend-Maximum-Security-2019-Unquoted-Search-Path.html http://seclists.org/fulldisclosure/2019/Aug/26 https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123420.aspx https://medium.com/sidechannel-br/vulnerabilidade-no-trend-micro-maximum-security-2019-permite-a-escala%C3%A7%C3%A3o-de-privil%C3%A9gios-no-windows-471403d53b68 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 4CVE-2018-18333
https://notcve.org/view.php?id=CVE-2018-18333
A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations. Una vulnerabilidad de secuestro de DLL en Trend Micro Security 2019 (Consumer), en versiones anteriores a la 15.0.0.1163, podría permitir a un atacante manipular un DLL específico y escalar privilegios en instalaciones vulnerables. • https://github.com/mrx04programmer/Dr.DLL-CVE-2018-18333 https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121932.aspx https://gaissecurity.com/yazi/discovery-of-dll-hijack-on-trend-micro-antivirusplus-cve-2018-18333 https://kaganisildak.com/2019/01/17/discovery-of-dll-hijack-on-trend-micro-antivirus-cve-2018-18333 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10513 – Trend Micro Maximum Security ID_AMSP_MASTER Deserialization of Untrusted Data Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10513
A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de deserialización de datos no fiables y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instalaciones vulnerables. En primer lugar, un atacante debe obtener la habilidad para ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-961 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-10514 – Trend Micro Maximum Security ID_AMSP_MASTER Missing Impersonation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10514
A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de falta de suplantación y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instalaciones vulnerables. En primer lugar, un atacante debe obtener la habilidad para ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-962 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-15363 – Trend Micro Maximum Security ID_AMSP_MASTER Out-Of-Bounds Read Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-15363
An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de lectura fuera de límites y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instalaciones vulnerables. En primer lugar, un atacante debe obtener la habilidad para ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-963 • CWE-125: Out-of-bounds Read •