Vulnerabilities > Trendmicro > Officescan > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-21 | CVE-2018-18332 | Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Officescan XG A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations. | 5.0 |
| 2018-12-21 | CVE-2018-18331 | Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Officescan XG A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations. | 5.0 |
| 2018-06-12 | CVE-2018-10509 | Unspecified vulnerability in Trendmicro Officescan 11.0/Xg A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. | 4.0 |
| 2018-06-12 | CVE-2018-10508 | Unspecified vulnerability in Trendmicro Officescan 11.0/Xg A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. | 6.5 |
| 2018-06-08 | CVE-2018-10505 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. | 5.4 |
| 2018-06-08 | CVE-2018-10359 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. | 5.4 |
| 2018-06-08 | CVE-2018-10358 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. | 5.4 |
| 2018-02-16 | CVE-2018-6218 | Untrusted Search Path vulnerability in Trendmicro products A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | 5.1 |
| 2017-10-06 | CVE-2017-14088 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan and Officescan XG Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. | 6.9 |
| 2017-10-06 | CVE-2017-14087 | Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0 A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | 5.0 |