User-Mode Hooking Vulnerability in Trend Micro Maximum Security
CVE-2018-3608

9.8CRITICAL

Key Information:

Vendor: Trend Micro
Status: Trend Micro Maximum Security (consumer)
Vendor: CVE Published:; 6 July 2018

🔔 Create Trend Micro Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2018-3608?

A vulnerability in Trend Micro Maximum Security 2018 allows attackers to craft specific packets that can manipulate the system. This manipulation may enable the injection of malicious code into other processes, potentially leading to unauthorized access or further exploitation. Systems running versions 12.0.1191 and below are particularly at risk.

Affected Version(s)

Trend Micro Maximum Security (Consumer) 2018 (12.0.1191)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Trend_Micro_POC
Created by gguaiker

References

https://esupport.trendmicro.com/en-US/home/pages/technica...

x_refsource_MISC

http://esupport.trendmicro.com/support/vb/solution/ja-jp/...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2018
🟡
Public PoC available
Feb 5, 2018
👾
Exploit known to exist
Feb 5, 2018
Vulnerability Reserved
Dec 27, 2017