CVE-2018-6233

Name of the Vulnerable Software and Affected Versions Trend Micro Maximum Security (Consumer) version 2018

Description A buffer overflow privilege escalation issue exists due to a flaw in the processing of IOCTL 0x222060 by the tmnciesc.sys driver. This could allow a local attacker to escalate privileges on vulnerable installations, but the attacker must first obtain the ability to execute low-privileged code on the target system.

Recommendations For Trend Micro Maximum Security (Consumer) version 2018, consider restricting access to the tmnciesc.sys driver to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the vulnerable driver may also help mitigate the risk.