|
|||
Rule General Information |
---|
Release Date: | 2017-09-25 | |
Rule Name: | Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection Vulnerability (CVE-2017-11385) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. | |
Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
Affected OS: | Windows | |
Reference: | CVE-2017-11385 SecurityFocusBID:100078 https://success.trendmicro.com/solution/1117722 ZeroDayInitiative:ZDI SecurityTrackerID:1039049 |
|
Solutions |
---|
Trend Micro has issued an update to correct this vulnerability. More details can be found at: https://success.trendmicro.com/solution/1117722 |