First published: Fri May 25 2018(Updated: )
An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trend Micro Maximum Security | ||
Trend Micro Maximum Security | <=12.0 | |
Trendmicro Internet Security | <=12.0 | |
Trendmicro Maximum Security | <=12.0 | |
Trendmicro Premium Security | <=12.0 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-6234 is medium with a severity value of 5.5.
CVE-2018-6234 allows local attackers to disclose sensitive information on vulnerable installations of Trend Micro Maximum Security.
To exploit CVE-2018-6234, an attacker must first obtain the ability to execute low-privileged code on the target system.
The affected software for CVE-2018-6234 includes Trend Micro Maximum Security versions up to 12.0 and related products.
More information about CVE-2018-6234 can be found at the following references: [1], [2].