CVE-2017-11393
CRITICAL
Trend Micro OfficeScan 11 and XG (12) - Remote Code Execution via Proxy.php tr Parameter
Title source: llm
Description
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
References (3)
Core References
Mitigation, Patch, Vendor Advisory x_refsource_misc
https://success.trendmicro.com/solution/1117769
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-522
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100127
Scores
CVSS v3: 9.8
EPSS: 0.0843
EPSS Percentile: 92.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-20
Status: published
Products (3)
Trend Micro/Trend Micro OfficeScan: 11, XG (12)
trendmicro/officescan: 11.0 sp1
trendmicro/officescan: 12.0
Published: Aug 03, 2017
Tracked Since: Feb 18, 2026