CVE-2018-3608

high-risk
Published 2018-07-06

A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.

Do I need to act?

~
3.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (8)

Antivirus \+ Security
Internet Security
Maximum Security
Premium Security
Officescan Monthly
Officescan Monthly

Affected Vendors

Trendmicro

References (4)

Vendor Advisory http://esupport.trendmicro.com/support/vb/solution/ja-jp/1120144.aspx
Vendor Advisory https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120237.aspx
Vendor Advisory http://esupport.trendmicro.com/support/vb/solution/ja-jp/1120144.aspx
Vendor Advisory https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120237.aspx
53
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 7/34 · Low
Exposure 14/34 · Moderate