CVE-2017-14085

MEDIUM

Trend Micro OfficeScan <11.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14085. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates unauthorized NT domain and PHP information disclosure in TrendMicro OfficeScan XG. It leverages unauthenticated HTTP requests to expose sensitive system details via vulnerable endpoints.

Description

Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/42893

View Code ZIP pw:eip

This exploit demonstrates unauthorized NT domain and PHP information disclosure in TrendMicro OfficeScan XG. It leverages unauthenticated HTTP requests to expose sensitive system details via vulnerable endpoints.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: TrendMicro OfficeScan v11.0 and XG (12.0)

No auth needed

Prerequisites: Network access to the target system · TrendMicro OfficeScan XG running on port 4343

MITRE ATT&CK