What is the severity of CVE-2018-15366?

CVE-2018-15366 has a medium severity level, indicating it poses a moderate risk of exploitation.

How do I fix CVE-2018-15366?

To fix CVE-2018-15366, update Trend Micro Antivirus for Mac to the latest version available.

Which products are affected by CVE-2018-15366?

CVE-2018-15366 affects Trend Micro Antivirus for Mac versions 7.0 and above.

Can CVE-2018-15366 be exploited remotely?

CVE-2018-15366 requires local access for exploitation, meaning an attacker must have physical or local access to the system.

What kind of vulnerability is CVE-2018-15366?

CVE-2018-15366 is classified as a 'Use-After-Free' privilege escalation vulnerability.

Vulnerability/
CVE-2018-15366

high

7.8

CWE

416

23/10/2018

5/8/2024

29/1/2025

CVE-2018-15366: Trend Micro Anti-Virus UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation Vulnerability

First published: Tue Oct 23 2018(Updated: )

A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Credit: security@trendmicro.com

Affected Software	Affected Version	How to fix
Trend Micro Antivirus
Trend Micro Antivirus for Mac	>=7.0<=7.1.1124
Trend Micro Antivirus for Mac 2018	>=8.0<=8.0.3082
Trend Micro Antivirus for Mac	>=9.0<=9.0.1356

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-15366?
CVE-2018-15366 has a medium severity level, indicating it poses a moderate risk of exploitation.
How do I fix CVE-2018-15366?
To fix CVE-2018-15366, update Trend Micro Antivirus for Mac to the latest version available.
Which products are affected by CVE-2018-15366?
CVE-2018-15366 affects Trend Micro Antivirus for Mac versions 7.0 and above.
Can CVE-2018-15366 be exploited remotely?
CVE-2018-15366 requires local access for exploitation, meaning an attacker must have physical or local access to the system.
What kind of vulnerability is CVE-2018-15366?
CVE-2018-15366 is classified as a 'Use-After-Free' privilege escalation vulnerability.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/weakness
agent/author
agent/first-publish-date
agent/description
agent/severity
agent/trending
agent/source
agent/tags
agent/softwarecombine
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-18-1293
alias/ZDI-CAN-6368
alias/CVE-2018-15366
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/trend micro
canonical/trend micro antivirus
vendor/trendmicro
canonical/trend micro antivirus for mac
version/trend micro antivirus for mac/7.0
version/trend micro antivirus for mac/7.1.1124
canonical/trend micro antivirus for mac 2018
version/trend micro antivirus for mac 2018/8.0
version/trend micro antivirus for mac 2018/8.0.3082
version/trend micro antivirus for mac/9.0
version/trend micro antivirus for mac/9.0.1356

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.