CVE-2017-11393

EUVD-2017-3020
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
trendmicroofficescan
11.0:sp1
trendmicroofficescan
12.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/100127
http://www.zerodayinitiative.com/advisories/ZDI-17-522
https://success.trendmicro.com/solution/1117769
http://www.securityfocus.com/bid/100127
http://www.zerodayinitiative.com/advisories/ZDI-17-522
https://success.trendmicro.com/solution/1117769