Description
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by hyp3rlinx · textwebappsphp
https://www.exploit-db.com/exploits/42893
References (8)
Core 8
Core References
Patch, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1118372
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Sep/85
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/144402/TrendMicro-OfficeScan-11.0-XG-12.0-Information-Disclosure.html
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/42893/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/541281/100/0/threaded
Exploit, Third Party Advisory x_refsource_misc
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039500
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101076
Scores
CVSS v3
5.3
EPSS
0.1242
EPSS Percentile
93.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
Trend Micro/Trend Micro OfficeScan
11.0, XG (12.0)
trendmicro/officescan
11.0 sp1
trendmicro/officescan
12.0
Published
Oct 06, 2017
Tracked Since
Feb 18, 2026