7.8

CVE-2017-14086

Exploit
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TrendmicroOfficescan Version11.0 Updatesp1
TrendmicroOfficescan Version12.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.91% 0.94
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

http://www.securityfocus.com/bid/101076
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039500
Third Party Advisory
VDB Entry
https://success.trendmicro.com/solution/1118372
Patch
Vendor Advisory
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt
Third Party Advisory
Exploit
http://packetstormsecurity.com/files/144401/TrendMicro-OfficeScan-11.0-XG-12.0-Auth-Start-Code-Execution.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Sep/88
Third Party Advisory
Mailing List
http://www.securityfocus.com/archive/1/541274/100/0/threaded
https://www.exploit-db.com/exploits/42892/
Third Party Advisory
VDB Entry