// For flags

CVE-2024-23940

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.

Trend Micro uiAirSupport, incluido en la familia de productos de consumo Trend Micro Security 2023, versión 6.0.2092 y anteriores, es vulnerable a una vulnerabilidad de secuestro/proxy de DLL que, si se explota, podría permitir a un atacante hacerse pasar por una librería y modificarla para ejecutar código en el sistema y, en última instancia, escalar privilegios en un sistema afectado.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2024-01-24 CVE Reserved
  • 2024-01-29 CVE Published
  • 2024-08-01 CVE Updated
  • 2024-08-01 First Exploit
  • 2025-02-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-427: Uncontrolled Search Path Element
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Trendmicro
Search vendor "Trendmicro"
 Air Support
Search vendor "Trendmicro" for product "Air Support"
 < 6.0.2103
Search vendor "Trendmicro" for product "Air Support" and version " < 6.0.2103"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Trendmicro
Search vendor "Trendmicro"
 Antivirus \+ Security
Search vendor "Trendmicro" for product "Antivirus \+ Security"
 < 6.0.2103
Search vendor "Trendmicro" for product "Antivirus \+ Security" and version " < 6.0.2103"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Trendmicro
Search vendor "Trendmicro"
 Internet Security
Search vendor "Trendmicro" for product "Internet Security"
 < 6.0.2103
Search vendor "Trendmicro" for product "Internet Security" and version " < 6.0.2103"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Trendmicro
Search vendor "Trendmicro"
 Maximum Security
Search vendor "Trendmicro" for product "Maximum Security"
 < 6.0.2103
Search vendor "Trendmicro" for product "Maximum Security" and version " < 6.0.2103"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Trendmicro
Search vendor "Trendmicro"
 Premium Security
Search vendor "Trendmicro" for product "Premium Security"
 < 6.0.2103
Search vendor "Trendmicro" for product "Premium Security" and version " < 6.0.2103"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe