CVE-2018-6234

Name of the Vulnerable Software and Affected Versions Trend Micro Maximum Security (Consumer) version 2018

Description The issue is related to an Out-of-Bounds Read Information Disclosure, which could allow a local attacker to disclose sensitive information due to a flaw in the processing of IOCTL 0x222814 by the tmnciesc.sys driver. To exploit this, an attacker must first obtain the ability to execute low-privileged code on the target system.

Recommendations For Trend Micro Maximum Security (Consumer) version 2018, consider restricting access to the tmnciesc.sys driver to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the IOCTL 0x222814 to prevent potential information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.