CVE-2018-3608

CRITICAL

Trendmicro Antivirus + Security < 12.0.1191 - Code Injection

Title source: rule

Description

A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.

Exploits (1)

nomisec WRITEUP 2 stars

by gguaiker · poc

https://github.com/gguaiker/Trend_Micro_POC

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://esupport.trendmicro.com/support/vb/solution/ja-jp/1120144.aspx

[Vendor Advisory] https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120237.aspx

Scores

CVSS v3 9.8

EPSS 0.0367

EPSS Percentile 87.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-94

Status published

Products (8)

trendmicro/antivirus_\+_security < 12.0.1191

trendmicro/internet_security < 12.0.1191

trendmicro/maximum_security < 12.0.1191

trendmicro/officescan 11.0

trendmicro/officescan 12.0

trendmicro/officescan_monthly 11.0

trendmicro/officescan_monthly 12.0

trendmicro/premium_security < 12.0.1191

Published Jul 06, 2018

Tracked Since Feb 18, 2026