CVE-2017-14088

Sažetak

Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Reference

http://www.securityfocus.com/bid/101070
http://www.securitytracker.com/id/1039500
http://www.zerodayinitiative.com/advisories/ZDI-17-828
http://www.zerodayinitiative.com/advisories/ZDI-17-829
https://success.trendmicro.com/solution/1118372

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

13-10-2017 - 18:05

Objavljeno

06-10-2017 - 01:29