Lucene search

TrendmicroCVE-2018-6218

HistoryFeb 16, 2018 - 10:29 p.m.

CVE-2018-6218

2018-02-1622:29:00

CWE-426

trendmicro

web.nvd.nist.gov

cve-2018-6218

dll hijacking

trend micro

user-mode hooking module

umh

nvd

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.1%

JSON

A DLL Hijacking vulnerability in Trend Micro’s User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.

Affected configurations

Nvd

Node

trendmicrodeep_securityMatch10.0

trendmicrodeep_securityMatch10.1

trendmicroendpoint_sensorMatch1.6

trendmicroofficescanMatch11.0

trendmicroofficescanMatch12.0

trendmicrosecurityMatch12.0

trendmicroworry-free_business_securityMatch9.5advanced

trendmicroworry-free_business_securityMatch9.5standard

VendorProductVersionCPE
trendmicrodeep_security10.0cpe:2.3:a:trendmicro:deep_security:10.0:*:*:*:*:*:*:*
trendmicrodeep_security10.1cpe:2.3:a:trendmicro:deep_security:10.1:*:*:*:*:*:*:*
trendmicroendpoint_sensor1.6cpe:2.3:a:trendmicro:endpoint_sensor:1.6:*:*:*:*:*:*:*
trendmicroofficescan11.0cpe:2.3:a:trendmicro:officescan:11.0:*:*:*:*:*:*:*
trendmicroofficescan12.0cpe:2.3:a:trendmicro:officescan:12.0:*:*:*:*:*:*:*
trendmicrosecurity12.0cpe:2.3:a:trendmicro:security:12.0:*:*:*:*:*:*:*
trendmicroworry-free_business_security9.5cpe:2.3:a:trendmicro:worry-free_business_security:9.5:*:*:*:advanced:*:*:*
trendmicroworry-free_business_security9.5cpe:2.3:a:trendmicro:worry-free_business_security:9.5:*:*:*:standard:*:*:*

Vendor	Product	Version	CPE
trendmicro	deep_security	10.0	cpe:2.3:a:trendmicro:deep_security:10.0:::::::*
trendmicro	deep_security	10.1	cpe:2.3:a:trendmicro:deep_security:10.1:::::::*
trendmicro	endpoint_sensor	1.6	cpe:2.3:a:trendmicro:endpoint_sensor:1.6:::::::*
trendmicro	officescan	11.0	cpe:2.3:a:trendmicro:officescan:11.0:::::::*
trendmicro	officescan	12.0	cpe:2.3:a:trendmicro:officescan:12.0:::::::*
trendmicro	security	12.0	cpe:2.3:a:trendmicro:security:12.0:::::::*
trendmicro	worry-free_business_security	9.5	cpe:2.3:a:trendmicro:worry-free_business_security:9.5::::advanced:::
trendmicro	worry-free_business_security	9.5	cpe:2.3:a:trendmicro:worry-free_business_security:9.5::::standard:::

CNA Affected

[
  {
    "product": "Trend Micro User-Mode Hooking (UMH) Module",
    "vendor": "Trend Micro",
    "versions": [
      {
        "status": "affected",
        "version": "NA"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103096

jvn.jp/jp/JVN28865183/

success.trendmicro.com/jp/solution/1119348

success.trendmicro.com/solution/1119326

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

50.1%

JSON

Related for CVE-2018-6218