← Back

CVE-2024-23940

nvd nist
Published: Jan 29, 2024Modified: May 29, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.

Affected (5)

Trendmicro
5 products
Air Support
Antivirus + Security
Internet Security
Maximum Security
Premium Security
Configuration A
5 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Air Support
Before 6.0.2103
Antivirus + Security
Before 6.0.2103
Internet Security
Before 6.0.2103
Maximum Security
Before 6.0.2103
Premium Security
Before 6.0.2103
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-427
Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (6)

Source: security@trendmicro.com
Vendor Advisory
Source: security@trendmicro.com
Vendor Advisory
Source: security@trendmicro.com
ExploitTechnical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.