Trend Micro uiAirSupport Vulnerable to DLL Hijacking/Proxying
CVE-2024-23940

7.8HIGH

Key Information:

Vendor: Trend Micro
Status: Trend Micro Security (consumer) Uiairsupport
Vendor: CVE Published:; 29 January 2024

🔔 Create Trend Micro Vulnerability Alert

What is CVE-2024-23940?

The DLL hijacking vulnerability in Trend Micro uiAirSupport affects versions 6.0.2092 and earlier, allowing an attacker to exploit the system by impersonating and manipulating a library. This exploitation could lead to unauthorized code execution within the affected product, potentially enabling privilege escalation on the user’s system. Users of Trend Micro Security 2023 should remain vigilant about this security issue and apply relevant updates or patches as they become available to mitigate the associated risks.

Affected Version(s)

Trend Micro Security (Consumer) uiAirSupport 2023 (6.0) < 6.0.2093

References

https://helpcenter.trendmicro.com/en-us/article/tmka-12134

https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132

https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-e...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 29, 2024
Vulnerability Reserved
Jan 24, 2024