CVE-2017-14084

HIGH

Trend Micro OfficeScan 11.0 and XG (12.0) - Remote Code Execution via Man-in-the-Middle Attack


Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14084. PoCs published by hyp3rlinx.

AI-analyzed exploit summary: This is a vulnerability writeup for CVE-2017-14084, detailing a Man-in-the-Middle (MITM) Remote Code Execution flaw in Trend Micro OfficeScan due to insecure cURL SSL settings. The advisory explains how the vulnerability arises from disabling SSL certificate verification in the Send() function of HttpTalk.php.

Description

A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.

Exploits (1)

exploitdb WRITEUP VERIFIED
by hyp3rlinx · text · remote · windows
https://www.exploit-db.com/exploits/42891

Classification
Classification: Writeup 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Trend Micro OfficeScan v11.0 and XG (12.0)
No auth needed
Prerequisites: Man-in-the-Middle position · Ability to intercept and modify network traffic
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Issue Tracking, Mitigation, Patch, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1118372
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/541275/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101072
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/541264/100/0/threaded
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Sep/87
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039500
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42891/

Scores

CVSS v3 8.1
EPSS 0.1013
EPSS Percentile 95.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (3)
Trend Micro/Trend Micro OfficeScan 11.0, XG (12.0)
trendmicro/officescan 11.0 sp1
trendmicro/officescan 12.0
Published Oct 06, 2017
Tracked Since Feb 18, 2026