CVE-2017-11393

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
trendmicroCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
trendmicroofficescan
11.0:sp1
trendmicroofficescan
12.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/100127
http://www.zerodayinitiative.com/advisories/ZDI-17-522
https://success.trendmicro.com/solution/1117769
http://www.securityfocus.com/bid/100127
http://www.zerodayinitiative.com/advisories/ZDI-17-522
https://success.trendmicro.com/solution/1117769