Trend Micro uiAirSupport Vulnerable to DLL Hijacking/Proxying

CVE-2024-23940

7.8HIGH

Key Information

Vendor: Trend Micro
Status: Trend Micro Security (Consumer) uiAirSupport
Vendor: CVE Published:; 29 January 2024

Summary

Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.

Affected Version(s)

Trend Micro Security (Consumer) uiAirSupport < 6.0.2093

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 29, 2024
Vulnerability Reserved.
Jan 24, 2024

Collectors

NVD DatabaseMitre Database