Out-of-Bounds Read Vulnerability in Trend Micro Maximum Security software
CVE-2018-6234

5.5MEDIUM

Key Information:

Vendor: Trend Micro
Status: Trend Micro Maximum Security
Vendor: CVE Published:; 25 May 2018

Summary

The vulnerability involves an Out-of-Bounds Read in the Trend Micro Maximum Security software, specifically within the tmnciesc.sys driver when processing IOCTL 0x222814. This flaw can potentially allow local attackers to gain access to sensitive information from affected installations. To exploit this vulnerability, an attacker must first be able to execute low-privileged code on the target system, which could lead to further security risks.

Affected Version(s)

Trend Micro Maximum Security 2018

References

https://www.zerodayinitiative.com/advisories/ZDI-18-268/

x_refsource_MISC

https://esupport.trendmicro.com/en-us/home/pages/technica...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 25, 2018
Vulnerability Reserved
Jan 25, 2018