7
CVE-2018-6236
- EPSS 0.31%
- Veröffentlicht 25.05.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 04:10:21
- Quelle security@trendmicro.com
- CVE-Watchlists
- Unerledigt
A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trendmicro ≫ Antivirus+ Version <= 12.0
Trendmicro ≫ Internet Security Version <= 12.0
Trendmicro ≫ Maximum Security Version <= 12.0
Trendmicro ≫ Premium Security Version <= 12.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.219 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx
https://www.zerodayinitiative.com/advisories/ZDI-18-410/