CVE-2017-11393
N/A
N/A
Summary
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Trend Micro | Trend Micro OfficeScan | 11, XG (12) | affected |
Weaknesses
- Proxy Command Injection
ADP Enrichment
CVE Program Container
Additional References
- https://success.trendmicro.com/solution/1117769
- http://www.zerodayinitiative.com/advisories/ZDI-17-522
- http://www.securityfocus.com/bid/100127
References
- https://success.trendmicro.com/solution/1117769
- http://www.zerodayinitiative.com/advisories/ZDI-17-522
- http://www.securityfocus.com/bid/100127
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.