10
CVE-2017-11394
- EPSS 66.77%
- Veröffentlicht 03.08.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle security@trendmicro.com
- CVE-Watchlists
- Unerledigt
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trendmicro ≫ Officescan Version11.0 Updatesp1
Trendmicro ≫ Officescan Version12.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 66.77% | 0.992 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://success.trendmicro.com/solution/1117769
http://www.securityfocus.com/bid/100130
http://www.zerodayinitiative.com/advisories/ZDI-17-521
https://www.exploit-db.com/exploits/42971/