Vulnerabilities > CVE-2018-18329 - NULL Pointer Dereference vulnerability in Trendmicro products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

trendmicro

CWE-476

NVD

Published: 2018-10-23

Updated: 2018-12-04

Summary

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F4E offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Trendmicro Trendmicro Antivirus FOR MAC 2017 7.0 Trendmicro Antivirus FOR MAC 2017 7.1.1124 Trendmicro Antivirus FOR MAC 2018 8.0 Trendmicro Antivirus FOR MAC 2018 8.0.3082 Trendmicro Antivirus FOR MAC 2019 9.0 Trendmicro Antivirus FOR MAC 2019 9.0.1356	6

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References