Vulnerability identifier: #VU37063

Vulnerability risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10358

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
OfficeScan
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Trend Micro

Description

The vulnerability allows a local authenticated user to #BASIC_IMPACT#.

A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OfficeScan: 11.0 - XG

---

External links
http://success.trendmicro.com/solution/1119961
http://www.zerodayinitiative.com/advisories/ZDI-18-565/

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.