CVE-2017-11394

CRITICAL

Trendmicro Officescan - Improper Input Validation

Title source: rule

Description

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.

Exploits (2)

exploitdb WORKING POC

by Mehmet Ince · rubywebappsphp

https://www.exploit-db.com/exploits/42971

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by mr_me <[email protected]>, Mehmet Ince <[email protected]> · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/trendmicro_officescan_widget_exec.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/100130

[Third Party Advisory, VDB Entry] http://www.zerodayinitiative.com/advisories/ZDI-17-521

[Mitigation, Patch, Vendor Advisory] https://success.trendmicro.com/solution/1117769

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42971/

Scores

CVSS v3 9.8

EPSS 0.8067

EPSS Percentile 99.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-20

Status draft

Affected Products (2)

trendmicro/officescan

trendmicro/officescan

Timeline

Published Aug 03, 2017

Tracked Since Feb 18, 2026