A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. The issue results from the lack of proper validation function on 0x6F6A offset user-supplied buffer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
2018-10-23T14:29:03.077
2024-11-21T03:55:43.377
Modified
CVSSv3.0: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | trendmicro | antivirus_for_mac_2017 | ≤ 7.1.1124 | Yes |
| Application | trendmicro | antivirus_for_mac_2018 | ≤ 8.0.3082 | Yes |
| Application | trendmicro | antivirus_for_mac_2019 | ≤ 9.0.1356 | Yes |