Advisory Details

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within processing of ID_AMSP_MASTER requests in the service process coreServiceShell.exe. When parsing the request buffer, the process does not properly validate user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.

• 2018-04-19 - Vulnerability reported to vendor
• 2018-08-30 - Coordinated public release of advisory
• 2018-08-30 - Advisory Updated