Vulnerabilities > CVE-2017-14083 - Unspecified vulnerability in Trendmicro Officescan 11.0/12.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
D2sec
name | Trend Micro OfficeScan 11.0/XG Encryption Key Disclosure |
url | http://www.d2sec.com/exploits/trend_micro_officescan_11.0_xg_encryption_key_disclosure.html |
Exploit-Db
description | Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure. CVE-2017-14083. Webapps exploit for PHP platform |
file | exploits/php/webapps/42889.txt |
id | EDB-ID:42889 |
last seen | 2017-09-29 |
modified | 2017-09-28 |
platform | php |
port | |
published | 2017-09-28 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/42889/ |
title | Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure |
type | webapps |
Nessus
NASL family | Windows |
NASL id | TRENDMICRO_OFFICESCAN_12_0_1708.NASL |
description | The version of Trend Micro OfficeScan running on the remote host is 11.x prior to 11.0 SP1 CP 6426, or 12.x prior to 12.0 CP 1708. It is, therefore, affected by a remote memory corruption flaw in cgiShowClientAdm.exe due to improper input validation. An unauthenticated remote attacker can corrupt memory and cause a denial of service or potentially execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 103968 |
published | 2017-10-19 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103968 |
title | Trend Micro OfficeScan cgiShowClientAdm Remote Memory Corruption |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/144398/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt |
id | PACKETSTORM:144398 |
last seen | 2017-09-29 |
published | 2017-09-29 |
reporter | hyp3rlinx |
source | https://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html |
title | TrendMicro OfficeScan 11.0 / XG (12.0) Encryption Key Disclosure |
References
- http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt
- http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt
- http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html
- http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html
- http://seclists.org/fulldisclosure/2017/Sep/90
- http://seclists.org/fulldisclosure/2017/Sep/90
- http://www.securityfocus.com/archive/1/541273/100/0/threaded
- http://www.securityfocus.com/archive/1/541273/100/0/threaded
- http://www.securityfocus.com/bid/101076
- http://www.securityfocus.com/bid/101076
- http://www.securitytracker.com/id/1039500
- http://www.securitytracker.com/id/1039500
- https://success.trendmicro.com/solution/1118372
- https://success.trendmicro.com/solution/1118372
- https://www.exploit-db.com/exploits/42889/
- https://www.exploit-db.com/exploits/42889/