Vulnerabilities > Trendmicro > Officescan

DATE CVE VULNERABILITY TITLE RISK
2018-06-12 CVE-2018-10507 Unspecified vulnerability in Trendmicro Officescan 11.0/Xg
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations.
local
low complexity
trendmicro
4.4
2018-06-08 CVE-2018-10506 Out-of-bounds Read vulnerability in Trendmicro Officescan 11.0/Xg
A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver.
local
high complexity
trendmicro CWE-125
4.7
2018-06-08 CVE-2018-10505 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver.
local
high complexity
trendmicro CWE-119
6.3
2018-06-08 CVE-2018-10359 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver.
local
high complexity
trendmicro CWE-119
6.3
2018-06-08 CVE-2018-10358 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver.
local
high complexity
trendmicro CWE-119
6.3
2018-02-16 CVE-2018-6218 Untrusted Search Path vulnerability in Trendmicro products
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
local
high complexity
trendmicro CWE-426
7.0
2017-10-06 CVE-2017-14089 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/12.0
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
network
low complexity
trendmicro CWE-119
critical
9.8
2017-10-06 CVE-2017-14088 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan and Officescan XG
Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys.
local
high complexity
trendmicro CWE-119
7.0
2017-10-06 CVE-2017-14087 Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
network
low complexity
trendmicro CWE-20
7.5
2017-10-06 CVE-2017-14086 Resource Exhaustion vulnerability in Trendmicro Officescan 11.0/12.0
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
network
low complexity
trendmicro CWE-400
7.5