CVE-2018-18333
https://notcve.org/view.php?id=CVE-2018-18333
A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations. Una vulnerabilidad de secuestro de DLL en Trend Micro Security 2019 (Consumer), en versiones anteriores a la 15.0.0.1163, podría permitir a un atacante manipular un DLL específico y escalar privilegios en instalaciones vulnerables. • https://github.com/mrx04programmer/Dr.DLL-CVE-2018-18333 https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121932.aspx https://gaissecurity.com/yazi/discovery-of-dll-hijack-on-trend-micro-antivirusplus-cve-2018-18333 https://kaganisildak.com/2019/01/17/discovery-of-dll-hijack-on-trend-micro-antivirus-cve-2018-18333 • CWE-426: Untrusted Search Path •
CVE-2018-10513 – Trend Micro Maximum Security ID_AMSP_MASTER Deserialization of Untrusted Data Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10513
A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de deserialización de datos no fiables y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instalaciones vulnerables. En primer lugar, un atacante debe obtener la habilidad para ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-961 • CWE-502: Deserialization of Untrusted Data •
CVE-2018-15363 – Trend Micro Maximum Security ID_AMSP_MASTER Out-Of-Bounds Read Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-15363
An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de lectura fuera de límites y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instalaciones vulnerables. En primer lugar, un atacante debe obtener la habilidad para ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-963 • CWE-125: Out-of-bounds Read •
CVE-2018-10514 – Trend Micro Maximum Security ID_AMSP_MASTER Missing Impersonation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10514
A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de falta de suplantación y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instalaciones vulnerables. En primer lugar, un atacante debe obtener la habilidad para ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-962 • CWE-269: Improper Privilege Management •
CVE-2018-3608
https://notcve.org/view.php?id=CVE-2018-3608
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. Una vulnerabilidad en el controlador UMH (User-Mode Hooking) en Trend Micro Maximum Security (Consumer) 2018 (en versiones 12.0.1191 y anteriores) podría permitir que un atacante cree un paquete especialmente manipulado que podría alterar un sistema vulnerable de forma que se pueda inyectar código malicioso en otros procesos. • http://esupport.trendmicro.com/support/vb/solution/ja-jp/1120144.aspx https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120237.aspx • CWE-94: Improper Control of Generation of Code ('Code Injection') •