Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Maximum_security
(Trendmicro)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-29 | CVE-2024-23940 | Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system. | Air_support, Antivirus_\+_security, Internet_security, Maximum_security, Premium_security | 7.8 | ||
| 2021-12-03 | CVE-2021-43772 | Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. | Antivirus\+_security, Internet_security, Maximum_security, Premium_security | 5.5 | ||
| 2019-02-05 | CVE-2018-18333 | A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations. | Antivirus_\+_security, Internet_security, Maximum_security, Premium_security | 7.8 | ||
| 2017-03-21 | CVE-2017-5565 | Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier... | Antivirus\+, Internet_security, Maximum_security, Premium_security | 6.7 | ||
| 2018-05-25 | CVE-2018-6236 | A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Antivirus\+, Internet_security, Maximum_security, Premium_security | 7.0 | ||
| 2018-05-25 | CVE-2018-6235 | An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Antivirus\+, Internet_security, Maximum_security, Premium_security | 7.8 | ||
| 2018-05-25 | CVE-2018-6234 | An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Antivirus\+, Internet_security, Maximum_security, Premium_security | 5.5 | ||
| 2018-05-25 | CVE-2018-6233 | A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Antivirus\+, Internet_security, Maximum_security, Premium_security | 7.8 | ||
| 2018-05-25 | CVE-2018-6232 | A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Antivirus\+, Internet_security, Maximum_security, Premium_security | 7.8 | ||
| 2018-07-06 | CVE-2018-3608 | A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. | Antivirus_\+_security, Internet_security, Maximum_security, Officescan, Officescan_monthly, Premium_security | 9.8 |