Vulnerabilities > CVE-2017-14084 - Unspecified vulnerability in Trendmicro Officescan 11.0/12.0
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
file | exploits/windows/remote/42891.txt |
id | EDB-ID:42891 |
last seen | 2018-11-30 |
modified | 2017-09-28 |
platform | windows |
port | |
published | 2017-09-28 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/42891 |
title | Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution |
type | remote |
Nessus
NASL family | Windows |
NASL id | TRENDMICRO_OFFICESCAN_12_0_1708.NASL |
description | The version of Trend Micro OfficeScan running on the remote host is 11.x prior to 11.0 SP1 CP 6426, or 12.x prior to 12.0 CP 1708. It is, therefore, affected by a remote memory corruption flaw in cgiShowClientAdm.exe due to improper input validation. An unauthenticated remote attacker can corrupt memory and cause a denial of service or potentially execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 103968 |
published | 2017-10-19 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103968 |
title | Trend Micro OfficeScan cgiShowClientAdm Remote Memory Corruption |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/144400/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt |
id | PACKETSTORM:144400 |
last seen | 2017-09-29 |
published | 2017-09-29 |
reporter | hyp3rlinx |
source | https://packetstormsecurity.com/files/144400/TrendMicro-OfficeScan-11.0-XG-12.0-Man-In-The-Middle.html |
title | TrendMicro OfficeScan 11.0 / XG (12.0) Man-In-The-Middle |
References
- http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt
- http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt
- http://packetstormsecurity.com/files/144400/TrendMicro-OfficeScan-11.0-XG-12.0-Man-In-The-Middle.html
- http://packetstormsecurity.com/files/144400/TrendMicro-OfficeScan-11.0-XG-12.0-Man-In-The-Middle.html
- http://seclists.org/fulldisclosure/2017/Sep/87
- http://seclists.org/fulldisclosure/2017/Sep/87
- http://www.securityfocus.com/archive/1/541264/100/0/threaded
- http://www.securityfocus.com/archive/1/541264/100/0/threaded
- http://www.securityfocus.com/archive/1/541275/100/0/threaded
- http://www.securityfocus.com/archive/1/541275/100/0/threaded
- http://www.securityfocus.com/bid/101072
- http://www.securityfocus.com/bid/101072
- http://www.securitytracker.com/id/1039500
- http://www.securitytracker.com/id/1039500
- https://success.trendmicro.com/solution/1118372
- https://success.trendmicro.com/solution/1118372
- https://www.exploit-db.com/exploits/42891/
- https://www.exploit-db.com/exploits/42891/