PT-2019-5805 · Mitsubishi · Mitsubishi Electric

Published: 2019-10-28 · Updated: 2025-10-30 · CVE-2019-18187

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Trend Micro OfficeScan versions 11.0 and XG (12.0)

Description: The issue is a directory traversal vulnerability in the OfficeScan server's zip handling. An attacker can cause the contents of an arbitrary zip file to be extracted into a specific folder on the OfficeScan server, potentially leading to remote code execution (RCE). The resulting process execution runs under the web service account, whose permissions may be restricted depending on the web platform in use. An attack requires user authentication. This vulnerability was exploited in a real-world incident in which attackers used it to steal around 200 MB of data, including closed technical information, from Mitsubishi Electric.

Recommendations: For Trend Micro OfficeScan versions 11.0 and XG (12.0), consider disabling the ability to extract files from zip archives to mitigate the risk of exploitation until a patch is available. As a temporary workaround, restrict access to the web service account to minimize the impact of remote code execution. Avoid using the affected zip-extraction functionality on the OfficeScan server until the issue is resolved.
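The weakness described above is the classic pattern in which an archive member name such as "../../somewhere/file" is joined to the extraction folder without checking where the resolved path ends up. The following is an added illustration of the defensive check that closes that gap; it is not Trend Micro's code or the fix shipped for this CVE. It assumes a generic server-side extractor written in Python, and the archives it processes are constructed in memory for the demonstration: one benign archive and one whose member name attempts to leave the destination folder.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List


class UnsafeArchiveEntry(ValueError):
    """Raised when an archive member would resolve outside the destination."""


def safe_member_path(dest_dir: str, member_name: str) -> Path:
    """Resolve member_name under dest_dir and refuse anything that escapes it.

    The check is done on the fully resolved path, so '..' segments,
    absolute names and Windows-style separators are all handled uniformly.
    """
    dest = Path(dest_dir).resolve()
    # Absolute paths and drive-letter prefixes are never legitimate member names.
    if member_name.startswith(("/", "\\")) or (len(member_name) > 1 and member_name[1] == ":"):
        raise UnsafeArchiveEntry(member_name)
    normalized = member_name.replace("\\", "/")
    target = (dest / normalized).resolve()
    if target != dest and dest not in target.parents:
        raise UnsafeArchiveEntry(member_name)
    return target


def check_archive(data: bytes, dest_dir: str) -> bool:
    """Return True if every member would stay inside dest_dir, writing nothing."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                safe_member_path(dest_dir, info.filename)
        return True
    except UnsafeArchiveEntry:
        return False


def extract_zip_safely(data: bytes, dest_dir: str) -> List[str]:
    """Extract an in-memory zip into dest_dir; returns the member names written.

    All members are validated before the first write, so a traversal entry
    anywhere in the archive aborts the whole extraction cleanly.
    """
    written: List[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        targets = [(info, safe_member_path(dest_dir, info.filename)) for info in zf.infolist()]
        for info, target in targets:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def build_zip(entries: Dict[str, bytes]) -> bytes:
    """Build a constructed sample archive in memory (test data, not a real payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo() -> dict:
    """Run the check against a benign archive and a constructed traversal archive."""
    benign = build_zip({"report/summary.txt": b"ok", "report/data/values.csv": b"1,2,3"})
    traversal = build_zip({"report/summary.txt": b"ok", "../../outside.txt": b"escaped"})
    with tempfile.TemporaryDirectory() as dest:
        benign_ok = check_archive(benign, dest)
        traversal_ok = check_archive(traversal, dest)
        written = extract_zip_safely(benign, dest)
        extracted_exist = all(os.path.isfile(os.path.join(dest, n)) for n in written)
        try:
            extract_zip_safely(traversal, dest)
            traversal_raised = False
        except UnsafeArchiveEntry:
            traversal_raised = True
    return {
        "benign_ok": benign_ok,
        "traversal_ok": traversal_ok,
        "written": written,
        "extracted_exist": extracted_exist,
        "traversal_raised": traversal_raised,
    }


if __name__ == "__main__":
    print(demo())
```

The important design choice is validating against the resolved path rather than scanning the member name for ".." substrings: string filters miss mixed separators and encoded forms, while a resolved-path containment check ("is the destination a parent of the target?") is independent of how the traversal was spelled. Validating every member before writing any of them also means a poisoned archive leaves no partial output behind.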

Fix

RCE

Path traversal


Weakness Enumeration

Related Identifiers

BDU:2021-02945
CVE-2019-18187

Affected Products

Mitsubishi Electric
Trend Micro OfficeScan