PT-2024-1407 · Trend Micro · Uiairsupport

Renato Garreton · Published 2024-01-24 · Updated 2024-02-06 · CVE-2024-23940

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Trend Micro uiAirSupport versions 6.0.2092 and below

Description

The issue is related to a DLL hijacking/proxying vulnerability in the Trend Micro uiAirSupport component. If exploited, this could allow an attacker to impersonate and modify a library, execute code on the system, and ultimately escalate privileges on an affected system. The vulnerability is associated with the loading of untrusted DLL libraries, which may enable an attacker to read, modify, or delete data, execute arbitrary code, and elevate their privileges.

Recommendations

For versions 6.0.2092 and below, consider disabling the vulnerable DLL loading functionality as a temporary workaround until a patch is available. Restrict access to the uiAirSupport component to minimize the risk of exploitation. Avoid using potentially vulnerable libraries in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Untrusted Search Path
Uncontrolled Search Path Element

Related Identifiers

BDU:2024-00876
CVE-2024-23940

Affected Products

Uiairsupport