CVE-2017-11393

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:12.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:07

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/100127 - () http://www.securityfocus.com/bid/100127 -
References () http://www.zerodayinitiative.com/advisories/ZDI-17-522 - Third Party Advisory, VDB Entry () http://www.zerodayinitiative.com/advisories/ZDI-17-522 - Third Party Advisory, VDB Entry
References () https://success.trendmicro.com/solution/1117769 - Mitigation, Patch, Vendor Advisory () https://success.trendmicro.com/solution/1117769 - Mitigation, Patch, Vendor Advisory

Information

Published : 2017-08-03 15:29

Updated : 2024-11-21 03:07


NVD link : CVE-2017-11393

Mitre link : CVE-2017-11393

CVE.ORG link : CVE-2017-11393


JSON object : View

Products Affected

trendmicro

  • officescan
CWE
CWE-20

Improper Input Validation