CVE-2017-14088

EUVD-2017-5600
Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
trendmicroofficescan
11.0:sp1
trendmicroofficescan_xg
12.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/101070
http://www.securitytracker.com/id/1039500
http://www.zerodayinitiative.com/advisories/ZDI-17-828
http://www.zerodayinitiative.com/advisories/ZDI-17-829
https://success.trendmicro.com/solution/1118372
http://www.securityfocus.com/bid/101070
http://www.securitytracker.com/id/1039500
http://www.zerodayinitiative.com/advisories/ZDI-17-828
http://www.zerodayinitiative.com/advisories/ZDI-17-829
https://success.trendmicro.com/solution/1118372