CVE-2024-23940

Published: Jan 29, 2024

Modified: May 29, 2025

PUBLISHED

Description

Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.

Vendor	Product	Versions
Trend Micro, Inc.	Trend Micro Security (Consumer) uiAirSupport	affected `2023 (6.0) - < 6.0.2093`

References

https://helpcenter.trendmicro.com/en-us/article/tmka-12134

https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132

https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-23940

Description

Affected Products

References