CVE-2017-11394

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
trendmicroCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
trendmicroofficescan
11.0:sp1
trendmicroofficescan
12.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/100130
http://www.zerodayinitiative.com/advisories/ZDI-17-521
https://success.trendmicro.com/solution/1117769
https://www.exploit-db.com/exploits/42971/
http://www.securityfocus.com/bid/100130
http://www.zerodayinitiative.com/advisories/ZDI-17-521
https://success.trendmicro.com/solution/1117769
https://www.exploit-db.com/exploits/42971/