|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-09-25 | |
| Rule Name: | Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection Vulnerability (CVE-2017-11385) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows | |
| Reference: | CVE-2017-11385 SecurityFocusBID:100078 https://success.trendmicro.com/solution/1117722 ZeroDayInitiative:ZDI SecurityTrackerID:1039049 |
|
| Solutions |
|---|
| Trend Micro has issued an update to correct this vulnerability. More details can be found at: https://success.trendmicro.com/solution/1117722 |