PT-2017-13244 · Trend Micro · Trend Micro Officescan

Zer0B4By

Publicado

2017-09-27

Atualizado

2017-10-13

CVE-2017-14088

CVSS v3.1

7.0

Alta

Vetor

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro OfficeScan versions 11.0 and XG

Description The issue allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the issue.

Recommendations For Trend Micro OfficeScan versions 11.0 and XG, consider disabling the tmwfp.sys driver as a temporary workaround until a patch is available. Restrict access to the vulnerable system to minimize the risk of exploitation.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2017-14088

ZDI-17-828

ZDI-17-829

Produtos afetados

Trend Micro Officescan

PT-2017-13244 · Trend Micro · Trend Micro Officescan

CVE-2017-14088

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9