← Back

CVE-2018-18328

nvd nist
Published: Oct 23, 2018Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected (3)

Trendmicro
3 products
Antivirus For Mac 2017
Antivirus For Mac 2018
Antivirus For Mac 2019
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Antivirus For Mac 2017
From 7.0 to 7.1.1124
Antivirus For Mac 2018
From 8.0 to 8.0.3082
Antivirus For Mac 2019
From 9.0 to 9.0.1356

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (8)

Source: security@trendmicro.com
Third Party AdvisoryVDB Entry
Source: security@trendmicro.com
Vendor Advisory
Source: security@trendmicro.com
Vendor Advisory
Source: security@trendmicro.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.