CVE-2017-11394

Sažetak

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.

Reference

http://www.securityfocus.com/bid/100130
http://www.zerodayinitiative.com/advisories/ZDI-17-521
https://success.trendmicro.com/solution/1117769
https://www.exploit-db.com/exploits/42971/

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

14-10-2017 - 01:29

Objavljeno

03-08-2017 - 15:29