cbcvebase.
CVE-2024-23940
published 2024-01-29

CVE-2024-23940: Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL…

PriorityP340high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.64%
45.9th percentile
Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.

Affected

6 ranges
VendorProductVersion rangeFixed in
trend_micro_inctrend_micro_security_uiairsupport>= 2023 (6.0) < 6.0.20936.0.2093
trendmicroair_support< 6.0.21036.0.2103
trendmicroantivirus_+_security< 6.0.21036.0.2103
trendmicrointernet_security< 6.0.21036.0.2103
trendmicromaximum_security< 6.0.21036.0.2103
trendmicropremium_security< 6.0.21036.0.2103
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.