Page 6 of 55 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-10514 – Trend Micro Maximum Security ID_AMSP_MASTER Missing Impersonation Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2018-10514

A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de falta de suplantación y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instalaciones vulnerables. En primer lugar, un atacante debe obtener la habilidad para ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-962 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-15363 – Trend Micro Maximum Security ID_AMSP_MASTER Out-Of-Bounds Read Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2018-15363

An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. Una vulnerabilidad de lectura fuera de límites y de escalado de privilegios en productos Trend Micro Security 2018 (Consumer) podría permitir que un atacante local escale privilegios en instalaciones vulnerables. En primer lugar, un atacante debe obtener la habilidad para ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-963 • CWE-125: Out-of-bounds Read •

CVSS: 10.0EPSS: 2%CPEs: 9EXPL: 0

CVE-2018-3608

https://notcve.org/view.php?id=CVE-2018-3608

A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. Una vulnerabilidad en el controlador UMH (User-Mode Hooking) en Trend Micro Maximum Security (Consumer) 2018 (en versiones 12.0.1191 y anteriores) podría permitir que un atacante cree un paquete especialmente manipulado que podría alterar un sistema vulnerable de forma que se pueda inyectar código malicioso en otros procesos. • http://esupport.trendmicro.com/support/vb/solution/ja-jp/1120144.aspx https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120237.aspx • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-6236 – Trend Micro Maximum Security tmusa Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2018-6236

A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de escalado de privilegios por TOCTOU (Time-of-Check Time-of-Use) en Trend Micro Maximum Security (Consumer) 2018 podría permitir que un atacante local escale privilegios en instalaciones vulnerables debido a un error en el procesamiento de llamadas IOCTL 0x222813 por parte del controlador tmusa. En primer lugar, un atacante debe obtener la capacidad de ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-410 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-6234 – Trend Micro Maximum Security tmnciesc Out-Of-Bounds Read Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2018-6234

An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Una vulnerabilidad de divulgación de información por lectura fuera de límites en Trend Micro Maximum Security (Consumer) 2018 podría permitir que un atacante local revele información sensible en instalaciones vulnerables debido a un error en el procesamiento de llamadas IOCTL 0x222814 por parte del controlador tmnciesc.sys. En primer lugar, un atacante debe obtener la capacidad de ejecutar código de bajos privilegios en el sistema objetivo para explotar esta vulnerabilidad. This vulnerability allows local attackers disclose sensitive information on vulnerable installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx https://www.zerodayinitiative.com/advisories/ZDI-18-268 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •