Trendmicro Antivirus vulnerabilities

CVE-2022-24671 [HIGH] CWE-59 CVE-2022-24671: A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and b A link following privilege escalation vulnerability in Trend Micro Antivirus for Max 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2021-43771 [HIGH] CVE-2021-43771: Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privil Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the targe

CVE-2021-28648 [HIGH] CVE-2021-28648: Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged co

CVE-2021-25227 [LOW] CWE-400 CVE-2021-25227: Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability tha Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability - i.e. the attacker must al

CVE-2020-27015 [MEDIUM] CWE-209 CVE-2020-27015: Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulne Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

CVE-2020-27014 [MEDIUM] CWE-367 CVE-2020-27014: Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Thr Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerabilit

CVE-2020-27013 [MEDIUM] CVE-2020-27013: Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs wh Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must first obtain the ability to execute low-privileged code on th

CVE-2020-25778 [MEDIUM] CWE-209 CVE-2020-25778: Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension whe Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

CVE-2020-25777 [MEDIUM] CVE-2020-25777: Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request a Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

CVE-2020-25779 [LOW] CVE-2020-25779: Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domai Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature.

CVE-2020-25776 [HIGH] CWE-59 CVE-2020-25776: Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVE-2019-19695 [HIGH] CWE-59 CVE-2019-19695: A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) cou A privilege escalation vulnerability in Trend Micro Antivirus for Mac 2019 (v9.0.1379 and below) could potentially allow an attacker to create a symbolic link to a target file and modify it.

CVE-2018-6232 [HIGH] CWE-120 CVE-2018-6232: A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in

CVE-2018-6233 [HIGH] CWE-120 CVE-2018-6233: A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222060 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in

CVE-2018-6235 [HIGH] CWE-787 CVE-2018-6235: An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target syst

CVE-2018-6236 [HIGH] CWE-362 CVE-2018-6236: A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Cons A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the ability to execute low-privileged code on the target system

CVE-2018-6234 [MEDIUM] CWE-125 CVE-2018-6234: An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer An Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on t

CVE-2017-5565 [MEDIUM] CWE-427 CVE-2017-5565: Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 1 Code injection vulnerability in Trend Micro Maximum Security 11.0 (and earlier), Internet Security 11.0 (and earlier), and Antivirus+ Security 11.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Trend Micro process via a "DoubleAgent" attack. One perspective on this issu