CVE-2018-3608

CWE-94 — Code Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

3.7%

top 12.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Antivirus \+ Security Trendmicro Internet Security Trendmicro Maximum Security +4 more

Timeline

PublishedJul 6

Latest updateMay 14

Description

A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5trend_micro/trend_micro_maximum_security_(consumer)2018 (12.0.1191)

▶NVDtrendmicro/maximum_security12.0.1191

▶NVDtrendmicro/premium_security12.0.1191

▶NVDtrendmicro/internet_security12.0.1191

▶NVDtrendmicro/antivirus_\+_security12.0.1191

🔴Vulnerability Details

GHSA

GHSA-4wvj-8v7h-xg58: A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12↗2022-05-14

▶

CVEList

CVE-2018-3608: A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12↗2018-07-06

▶