JVNVU#99844997: Incorrect permission assignment vulnerability in Trend Micro uiAirSupport

Overview

Trend Micro Incorporated has released a security update for Trend Micro uiAirSupport.

Products Affected

Premium Security uiAirSupport Version 6.0.2092 and earlier
Maximum Security uiAirSupport Version 6.0.2092 and earlier
Internet Security uiAirSupport Version 6.0.2092 and earlier
Antivirus + Security uiAirSupport Version 6.0.2092 and earlier

Description

Trend Micro Incorporated has released a security update for Trend Micro uiAirSupport.

Proof-of-concept code (PoC) for this vulnerability is available on the Internet.

Impact

The users with standard user accounts may perform privilege escalation and execute arbitrary programs.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

Vendor	Link
Trend Micro Incorporated	SECURITY BULLETIN: DLL Hijacking/Proxying Vulnerability in Trend Micro Security 2023 (Consumer) uiAirSupport

References

AV — When a Friend Becomes an Enemy — (CVE-2024–23940)

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#99844997 Incorrect permission assignment vulnerability in Trend Micro uiAirSupport