CVE-2017-14088
HIGHTrend Micro OfficeScan 11.0 - Memory Corruption Privilege Escalation
Title source: llmDescription
Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.
References (5)
Core 5
Core References
Patch, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1118372
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101070
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-828
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039500
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-17-829
Scores
CVSS v3
7.0
EPSS
0.0011
EPSS Percentile
28.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (3)
Trend Micro/Trend Micro OfficeScan
11.0, XG (12.0)
trendmicro/officescan
11.0 sp1
trendmicro/officescan_xg
12.0
Published
Oct 06, 2017
Tracked Since
Feb 18, 2026