CVE-2018-6235

Name of the Vulnerable Software and Affected Versions Trend Micro Maximum Security (Consumer) version 2018

Description The issue is related to an Out-of-Bounds write privilege escalation due to a flaw in the processing of IOCTL 0x222814 by the tmnciesc.sys driver. This could allow a local attacker to escalate privileges on vulnerable installations, but the attacker must first obtain the ability to execute low-privileged code on the target system.

Recommendations For Trend Micro Maximum Security (Consumer) version 2018, consider restricting access to the tmnciesc.sys driver to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting the ability to execute low-privileged code on the target system can also help mitigate the risk.