PT-2017-11972 · Trend Micro · Trend Micro Control Manager
Rgod · Published 2017-08-02 · Updated 2017-08-06 · CVE-2017-11386
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Trend Micro Control Manager version 6.0
Description
The issue is a SQL injection in the cmdHandlerNewReportScheduler.dll module that leads to remote code execution. It is caused by a lack of proper validation of user input and occurs when a specific opcode, 0x4707, is executed.
Recommendations
For Trend Micro Control Manager version 6.0, update the software to a version that includes proper user input validation to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the cmdHandlerNewReportScheduler.dll module to minimize the risk of exploitation.
Fix
RCE
SQL injection
Affected Products
Trend Micro Control Manager