Vulnerabilities > Trendmicro > Antivirus

DATE CVE VULNERABILITY TITLE RISK
2020-10-02 CVE-2020-25776 Link Following vulnerability in Trendmicro Antivirus 2019/2020
Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges.
local
low complexity
trendmicro CWE-59
7.8
2019-12-24 CVE-2019-19695 Link Following vulnerability in Trendmicro Antivirus 9.0/9.0.1379
A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it.
network
low complexity
trendmicro CWE-59
7.5
2018-05-25 CVE-2018-6236 Race Condition vulnerability in Trendmicro products
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver.
local
high complexity
trendmicro CWE-362
7.0
2018-05-25 CVE-2018-6235 Out-of-bounds Write vulnerability in Trendmicro products
An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver.
local
low complexity
trendmicro CWE-787
7.8
2018-05-25 CVE-2018-6234 Out-of-bounds Read vulnerability in Trendmicro products
An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver.
local
low complexity
trendmicro CWE-125
5.5
2018-05-25 CVE-2018-6233 Classic Buffer Overflow vulnerability in Trendmicro products
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver.
local
low complexity
trendmicro CWE-120
7.8
2018-05-25 CVE-2018-6232 Classic Buffer Overflow vulnerability in Trendmicro products
A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver.
local
low complexity
trendmicro CWE-120
7.8
2017-03-21 CVE-2017-5565 Uncontrolled Search Path Element vulnerability in Trendmicro products
Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack.
local
low complexity
trendmicro CWE-427
6.7