ID |
CVE-2018-6235
|
Summary |
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:trendmicro:antivirus\+:*:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:antivirus\+:*:*:*:*:*:*:*:*
-
cpe:2.3:a:trendmicro:internet_security:8.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:internet_security:8.0:*:*:*:*:*:*:*
-
cpe:2.3:a:trendmicro:internet_security:10.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:internet_security:10.0:*:*:*:*:*:*:*
-
cpe:2.3:a:trendmicro:maximum_security:*:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:maximum_security:*:*:*:*:*:*:*:*
-
cpe:2.3:a:trendmicro:premium_security:*:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:premium_security:*:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.2 (as of 28-06-2018 - 16:10) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-787 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
|
Last major update |
28-06-2018 - 16:10 |
Published |
25-05-2018 - 15:29 |
Last modified |
28-06-2018 - 16:10 |