Vulnerabilities > Trendmicro > Officescan > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-21 CVE-2018-18332 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Officescan XG
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.
network
low complexity
trendmicro microsoft CWE-732
5.0
2018-12-21 CVE-2018-18331 Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Officescan XG
A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.
network
low complexity
trendmicro microsoft CWE-732
5.0
2018-06-12 CVE-2018-10509 Unspecified vulnerability in Trendmicro Officescan 11.0/Xg
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations.
network
low complexity
trendmicro
4.0
2018-06-12 CVE-2018-10508 Unspecified vulnerability in Trendmicro Officescan 11.0/Xg
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations.
network
low complexity
trendmicro
6.5
2018-06-08 CVE-2018-10505 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver.
5.4
2018-06-08 CVE-2018-10359 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver.
5.4
2018-06-08 CVE-2018-10358 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan 11.0/Xg
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver.
5.4
2018-02-16 CVE-2018-6218 Untrusted Search Path vulnerability in Trendmicro products
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
network
high complexity
trendmicro CWE-426
5.1
2017-10-06 CVE-2017-14088 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan and Officescan XG
Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys.
6.9
2017-10-06 CVE-2017-14087 Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
network
low complexity
trendmicro CWE-20
5.0