CVE-2017-11394

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:12.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-08-03 15:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-11394

Mitre link : CVE-2017-11394

CVE.ORG link : CVE-2017-11394


JSON object : View

Products Affected

trendmicro

  • officescan
CWE
CWE-20

Improper Input Validation