CVE-2024-23940
Severity CVSS v4.0:
Pending analysis
Type:
CWE-427
Uncontrolled Search Path Element
Publication date:
29/01/2024
Last modified:
29/05/2025
Description
Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:trendmicro:air_support:*:*:*:*:*:*:*:* | 6.0.2103 (excluding) | |
| cpe:2.3:a:trendmicro:antivirus_\+_security:*:*:*:*:*:*:*:* | 6.0.2103 (excluding) | |
| cpe:2.3:a:trendmicro:internet_security:*:*:*:*:*:*:*:* | 6.0.2103 (excluding) | |
| cpe:2.3:a:trendmicro:maximum_security:*:*:*:*:*:*:*:* | 6.0.2103 (excluding) | |
| cpe:2.3:a:trendmicro:premium_security:*:*:*:*:*:*:*:* | 6.0.2103 (excluding) | |
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://helpcenter.trendmicro.com/en-us/article/tmka-12134
- https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132
- https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1
- https://helpcenter.trendmicro.com/en-us/article/tmka-12134
- https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132
- https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1