Description
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by hyp3rlinx · textwebappsphp
https://www.exploit-db.com/exploits/42889
References (8)
Core 8
Core References
Patch, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1118372
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Sep/90
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/541273/100/0/threaded
Exploit, Third Party Advisory x_refsource_misc
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/42889/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039500
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101076
Scores
CVSS v3
7.5
EPSS
0.1293
EPSS Percentile
94.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (3)
Trend Micro/Trend Micro OfficeScan
11.0, XG (12.0)
trendmicro/officescan
11.0 sp1
trendmicro/officescan
12.0
Published
Oct 06, 2017
Tracked Since
Feb 18, 2026