CVE-2018-3608: Code Injection
First published: Fri Jul 06 2018(Updated: )
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trendmicro Antivirus \+ Security | <=12.0.1191 | |
| Trendmicro Internet Security | <=12.0.1191 | |
| Trendmicro Maximum Security | <=12.0.1191 | |
| Trendmicro Premium Security | <=12.0.1191 | |
| Microsoft Windows | ||
| Trendmicro Officescan | =11.0 | |
| Trendmicro Officescan | =12.0 | |
| Trendmicro Officescan Monthly | =11.0 | |
| Trendmicro Officescan Monthly | =12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability CVE-2018-3608?
The vulnerability CVE-2018-3608 is a security flaw in Trend Micro Maximum Security (Consumer) 2018 (versions 12.0.1191 and below) that allows an attacker to inject malicious code into other processes.
Which software versions are affected by CVE-2018-3608?
Versions 12.0.1191 and below of Trend Micro Maximum Security, Trendmicro Internet Security, Trendmicro Premium Security, Trendmicro Officescan, and Trendmicro Officescan Monthly are affected by CVE-2018-3608.
What is the severity of CVE-2018-3608?
CVE-2018-3608 has a severity level of 9.8 (Critical).
How can an attacker exploit CVE-2018-3608?
An attacker can exploit CVE-2018-3608 by creating a specially crafted packet that alters a vulnerable system and injects malicious code into other processes.
Where can I find more information about CVE-2018-3608?
You can find more information about CVE-2018-3608 on the following pages: [Trend Micro Support](http://esupport.trendmicro.com/support/vb/solution/ja-jp/1120144.aspx) and [Trend Micro Technical Support](https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120237.aspx).
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/trendmicro
- canonical/trendmicro antivirus \+ security
- version/trendmicro antivirus \+ security/12.0.1191
- canonical/trendmicro internet security
- version/trendmicro internet security/12.0.1191
- canonical/trendmicro maximum security
- version/trendmicro maximum security/12.0.1191
- canonical/trendmicro premium security
- version/trendmicro premium security/12.0.1191
- vendor/microsoft
- canonical/microsoft windows
- canonical/trendmicro officescan
- version/trendmicro officescan/11.0
- version/trendmicro officescan/12.0
- canonical/trendmicro officescan monthly
- version/trendmicro officescan monthly/11.0
- version/trendmicro officescan monthly/12.0