Vulnerabilities > CVE-2018-10513 - Deserialization of Untrusted Data vulnerability in Trendmicro products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

trendmicro

microsoft

CWE-502

NVD

Published: 2018-08-30

Updated: 2018-10-26

Summary

A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Trendmicro Trendmicro Antivirus + Security * Trendmicro Internet Security 8.0 Trendmicro Internet Security 10.0 Trendmicro Maximum Security * Trendmicro Premium Security *	5
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References