|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-06-08 | |
| Rule Name: | Trend Micro OfficeScan Remote Code Execution Vulnerability (CVE-2017-11394) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Others | |
| Reference: | SecurityFocusBID:100130 ExploitDB:42971 ZeroDayInitiative:ZDI-17-521 https://success.trendmicro.com/solution/1117769 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://success.trendmicro.com/solution/1117769 |