CVE-2017-11385

Name of the Vulnerable Software and Affected Versions Trend Micro Control Manager version 6.0

Description The issue is related to a SQL injection that causes remote code execution due to a lack of proper user input validation in the cmdHandlerStatusMonitor.dll module. This occurs when executing a specific opcode, 0x6b1b.

Recommendations For Trend Micro Control Manager version 6.0, update the software to a version that includes proper user input validation to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the cmdHandlerStatusMonitor.dll module to minimize the risk of exploitation.