Vulnerability identifier: #VU37064
Vulnerability risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
OfficeScan
Client/Desktop applications /
Antivirus software/Personal firewalls
Vendor: Trend Micro
Description
The vulnerability allows a local authenticated user to #BASIC_IMPACT#.
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Mitigation
Install update from vendor's website.
Vulnerable software versions
OfficeScan: 11.0 - XG
External links
http://success.trendmicro.com/solution/1119961
http://www.zerodayinitiative.com/advisories/ZDI-18-564/
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.