Vulnerability Description
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trendmicro | Officescan | 11.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100130Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-17-521Third Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/1117769MitigationPatchVendor Advisory
- https://www.exploit-db.com/exploits/42971/
- http://www.securityfocus.com/bid/100130Third Party AdvisoryVDB Entry
- http://www.zerodayinitiative.com/advisories/ZDI-17-521Third Party AdvisoryVDB Entry
- https://success.trendmicro.com/solution/1117769MitigationPatchVendor Advisory
- https://www.exploit-db.com/exploits/42971/
FAQ
What is CVE-2017-11394?
CVE-2017-11394 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by pars...
How severe is CVE-2017-11394?
CVE-2017-11394 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-11394?
Check the references section above for vendor advisories and patch information. Affected products include: Trendmicro Officescan.