PT-2017-2557 · Trend Micro · Trend Micro Officescan

Steven Seeley

Published

2017-08-03

Updated

2017-11-29

CVE-2017-11393

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Trend Micro OfficeScan versions 11 and 12

Description The issue is related to a proxy command injection vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations. This can be exploited by parsing the tr parameter within "Proxy.php". The vulnerability exists due to insufficient input validation, which may allow a remote attacker to execute arbitrary code as a result of processing the tr parameter.

Recommendations For Trend Micro OfficeScan versions 11 and 12, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2017-01769

CVE-2017-11393

ZDI-17-522

Affected Products

Trend Micro Officescan

PT-2017-2557 · Trend Micro · Trend Micro Officescan

CVE-2017-11393

Weakness Enumeration

Related Identifiers

Affected Products

References · 7