CVE-2018-10359

CWE-119Buffer Overflow3 documents3 sources
Severity
6.3MEDIUM
EPSS
0.1%
top 75.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro Trend Micro OfficescanTrendmicro Officescan
Timeline
PublishedJun 8
Latest updateMay 13

Description

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.0 | Impact: 5.2

Affected Packages2 packages

NVDtrendmicro/officescan11.0, xg+1
CVEListV5trend_micro/trend_micro_officescan11.0 SP1, XG

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-vwq2-64wh-x9m4: A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 112022-05-13
CVEList
CVE-2018-10359: A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 112018-06-08
CVE-2018-10359 (MEDIUM CVSS 6.3) | A pool corruption privilege escalat | cvebase.io