Vulnerabilities (CVE)

Filtered by vendor Trendmicro Subscribe
Filtered by product Officescan
Total 71 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9489 2 Microsoft, Trendmicro 6 Windows, Apex One, Apex One As A Service and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
CVE-2019-19691 2 Microsoft, Trendmicro 3 Windows, Apex One, Officescan 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability.
CVE-2019-18189 1 Trendmicro 3 Apex One, Officescan, Worry-free Business Security 2024-11-21 10.0 HIGH 9.8 CRITICAL
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
CVE-2019-18187 2 Microsoft, Trendmicro 2 Windows, Officescan 2024-11-21 5.0 MEDIUM 7.5 HIGH
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.
CVE-2019-14688 2 Microsoft, Trendmicro 9 Windows, Control Manager, Endpoint Sensor and 6 more 2024-11-21 5.1 MEDIUM 7.0 HIGH
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.
CVE-2018-6218 1 Trendmicro 5 Deep Security, Endpoint Sensor, Officescan and 2 more 2024-11-21 5.1 MEDIUM 7.0 HIGH
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
CVE-2018-3608 2 Microsoft, Trendmicro 7 Windows, Antivirus \+ Security, Internet Security and 4 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.
CVE-2018-18332 2 Microsoft, Trendmicro 2 Windows, Officescan 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.
CVE-2018-18331 2 Microsoft, Trendmicro 2 Windows, Officescan 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.
CVE-2018-10509 1 Trendmicro 1 Officescan 2024-11-21 4.0 MEDIUM 8.8 HIGH
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability.
CVE-2018-10508 1 Trendmicro 1 Officescan 2024-11-21 6.5 MEDIUM 8.8 HIGH
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.
CVE-2018-10507 1 Trendmicro 1 Officescan 2024-11-21 2.1 LOW 4.4 MEDIUM
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
CVE-2018-10506 1 Trendmicro 1 Officescan 2024-11-21 1.9 LOW 4.7 MEDIUM
A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2018-10505 1 Trendmicro 1 Officescan 2024-11-21 5.4 MEDIUM 6.3 MEDIUM
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2018-10359 1 Trendmicro 1 Officescan 2024-11-21 5.4 MEDIUM 6.3 MEDIUM
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2018-10358 1 Trendmicro 1 Officescan 2024-11-21 5.4 MEDIUM 6.3 MEDIUM
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2017-8801 1 Trendmicro 1 Officescan 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.
CVE-2017-5481 1 Trendmicro 1 Officescan 2024-11-21 4.0 MEDIUM 8.8 HIGH
Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.
CVE-2017-14089 1 Trendmicro 1 Officescan 2024-11-21 7.5 HIGH 9.8 CRITICAL
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
CVE-2017-14088 1 Trendmicro 2 Officescan, Officescan Xg 2024-11-21 6.9 MEDIUM 7.0 HIGH
Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.