CVE-2017-14086

Name of the Vulnerable Software and Affected Versions Trend Micro OfficeScan versions 11.0 and XG

Description The issue is related to resource management errors. It may allow a remote attacker with access to the OfficeScan server to execute the fcgiOfcDDA.exe executable or cause potential INI file corruption. This could lead to the consumption of server disk space with dump files from continuous HTTP requests.

Recommendations For Trend Micro OfficeScan versions 11.0 and XG, consider restricting access to the server to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of the fcgiOfcDDA.exe executable until a patch is available. Restrict access to the vulnerable INI files to prevent potential corruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.