Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100127 | |
http://www.zerodayinitiative.com/advisories/ZDI-17-522 | Third Party Advisory VDB Entry |
https://success.trendmicro.com/solution/1117769 | Mitigation Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2017-08-03 15:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-11393
Mitre link : CVE-2017-11393
CVE.ORG link : CVE-2017-11393
JSON object : View
Products Affected
trendmicro
- officescan
CWE
CWE-20
Improper Input Validation