Vulnerabilities > Trendmicro > Officescan > 12.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-06 | CVE-2018-3608 | Code Injection vulnerability in Trendmicro products A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. | 9.8 |
| 2018-02-16 | CVE-2018-6218 | Untrusted Search Path vulnerability in Trendmicro products A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | 7.0 |
| 2017-10-06 | CVE-2017-14089 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/12.0 An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues. | 9.8 |
| 2017-10-06 | CVE-2017-14087 | Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0 A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | 7.5 |
| 2017-10-06 | CVE-2017-14086 | Resource Exhaustion vulnerability in Trendmicro Officescan 11.0/12.0 Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests. | 7.5 |
| 2017-10-06 | CVE-2017-14085 | Information Exposure vulnerability in Trendmicro Officescan 11.0/12.0 Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules. | 5.3 |
| 2017-10-06 | CVE-2017-14084 | Unspecified vulnerability in Trendmicro Officescan 11.0/12.0 A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. | 8.1 |
| 2017-10-06 | CVE-2017-14083 | Unspecified vulnerability in Trendmicro Officescan 11.0/12.0 A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. | 7.5 |
| 2017-08-03 | CVE-2017-11394 | Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0 Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. | 9.8 |
| 2017-08-03 | CVE-2017-11393 | Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0 Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. | 9.8 |