Details of VAR-201902-0568

ID

VAR-201902-0568

CVE

CVE-2018-18333

TITLE

Trend Micro Security 2019 Vulnerabilities related to untrusted search paths

Trust: 0.8

sources: JVNDB: JVNDB-2018-014370

DESCRIPTION

A DLL hijacking vulnerability in Trend Micro Security 2019 (Consumer) versions below 15.0.0.1163 and below could allow an attacker to manipulate a specific DLL and escalate privileges on vulnerable installations. Trend Micro Security 2019 (Consumer) Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2018-18333 // JVNDB: JVNDB-2018-014370 // VULMON: CVE-2018-18333

AFFECTED PRODUCTS

vendor:	trendmicro	model:	internet security	scope:	lt	version:	15.0.0.1163	Trust: 1.0
vendor:	trendmicro	model:	premium security	scope:	lt	version:	15.0.0.1163	Trust: 1.0
vendor:	trendmicro	model:	antivirus \+ security	scope:	lt	version:	15.0.0.1163	Trust: 1.0
vendor:	trendmicro	model:	maximum security	scope:	lt	version:	15.0.0.1163	Trust: 1.0
vendor:	trend micro	model:	antivirus + security	scope:	lt	version:	15.0.0.1163	Trust: 0.8
vendor:	trend micro	model:	internet security	scope:	lt	version:	15.0.0.1163	Trust: 0.8
vendor:	trend micro	model:	maximum security	scope:	lt	version:	15.0.0.1163	Trust: 0.8
vendor:	trend micro	model:	premium security	scope:	lt	version:	15.0.0.1163	Trust: 0.8

sources: JVNDB: JVNDB-2018-014370 // NVD: CVE-2018-18333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-18333
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-18333
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201902-093
value:	HIGH
Trust: 0.6
VULMON:	CVE-2018-18333
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-18333
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2018-18333
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-18333
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2018-18333 // JVNDB: JVNDB-2018-014370 // CNNVD: CNNVD-201902-093 // NVD: CVE-2018-18333

PROBLEMTYPE DATA

problemtype:

CWE-426

Trust: 1.8

sources: JVNDB: JVNDB-2018-014370 // NVD: CVE-2018-18333

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201902-093

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201902-093

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014370

PATCH

title:	1121932	url:	https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121932.aspx	Trust: 0.8
title:	Dr.DLL-CVE-2018-18333	url:	https://github.com/mrx04programmer/Dr.DLL-CVE-2018-18333	Trust: 0.1
title:	Dr.DLL-Demo	url:	https://github.com/mrx04programmer/Dr.DLL-Demo	Trust: 0.1
title:	-	url:	https://github.com/khulnasoft-labs/awesome-security	Trust: 0.1

sources: VULMON: CVE-2018-18333 // JVNDB: JVNDB-2018-014370

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18333	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-014370	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-093	Trust: 0.6
db:	VULMON	id:	CVE-2018-18333	Trust: 0.1

sources: VULMON: CVE-2018-18333 // JVNDB: JVNDB-2018-014370 // CNNVD: CNNVD-201902-093 // NVD: CVE-2018-18333

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2018-18333	Trust: 1.4
url:	https://kaganisildak.com/2019/01/17/discovery-of-dll-hijack-on-trend-micro-antivirus-cve-2018-18333/	Trust: 1.1
url:	https://gaissecurity.com/yazi/discovery-of-dll-hijack-on-trend-micro-antivirusplus-cve-2018-18333	Trust: 1.1
url:	https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121932.aspx	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18333	Trust: 0.8
url:	https://kaganisildak.com/2019/01/17/discovery-of-dll-hijack-on-trend-micro-antivirus-cve-2018-18333/exploitthird party advisory	Trust: 0.6
url:	https://gaissecurity.com/yazi/discovery-of-dll-hijack-on-trend-micro-antivirusplus-cve-2018-18333exploitthird party advisory	Trust: 0.6
url:	https://esupport.trendmicro.com/en-us/home/pages/technical-support/1121932.aspxexploitvendor advisory	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/426.html	Trust: 0.1
url:	https://github.com/mrx04programmer/dr.dll-cve-2018-18333	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2018-18333 // JVNDB: JVNDB-2018-014370 // CNNVD: CNNVD-201902-093 // NVD: CVE-2018-18333

SOURCES

db:	VULMON	id:	CVE-2018-18333
db:	JVNDB	id:	JVNDB-2018-014370
db:	CNNVD	id:	CNNVD-201902-093
db:	NVD	id:	CVE-2018-18333

LAST UPDATE DATE

2024-08-14T14:26:28.226000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2018-18333	date:	2021-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-014370	date:	2019-03-19T00:00:00
db:	CNNVD	id:	CNNVD-201902-093	date:	2021-09-10T00:00:00
db:	NVD	id:	CVE-2018-18333	date:	2021-09-09T13:35:24.530

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2018-18333	date:	2019-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-014370	date:	2019-03-19T00:00:00
db:	CNNVD	id:	CNNVD-201902-093	date:	2019-02-05T00:00:00
db:	NVD	id:	CVE-2018-18333	date:	2019-02-05T22:29:00.237