Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100130 | Third Party Advisory VDB Entry |
http://www.zerodayinitiative.com/advisories/ZDI-17-521 | Third Party Advisory VDB Entry |
https://success.trendmicro.com/solution/1117769 | Mitigation Patch Vendor Advisory |
https://www.exploit-db.com/exploits/42971/ |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-08-03 15:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-11394
Mitre link : CVE-2017-11394
CVE.ORG link : CVE-2017-11394
JSON object : View
Products Affected
trendmicro
- officescan
CWE
CWE-20
Improper Input Validation