Vulnerabilities > CVE-2018-18328 - NULL Pointer Dereference vulnerability in Trendmicro products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 6 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/105757
- http://www.securityfocus.com/bid/105757
- https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx
- https://esupport.trendmicro.com/en-US/home/pages/technical-support/1121296.aspx
- https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx
- https://esupport.trendmicro.com/solution/ja-jp/1121350.aspx
- https://www.zerodayinitiative.com/advisories/ZDI-18-1296/
- https://www.zerodayinitiative.com/advisories/ZDI-18-1296/