CVE-2017-14089

CRITICAL

Trend Micro OfficeScan <11.0 - Memory Corruption

Title source: llm

Description

An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · pythondoswindows

https://www.exploit-db.com/exploits/42920

View Code ZIP pw:eip

References (8)

[Exploit, Third Party Advisory] http://hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txt

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/144464/TrendMicro-OfficeScan-11.0-XG-12.0-Memory-Corruption.html

[Mailing List, Third Party Advisory, VDB Entry] http://seclists.org/fulldisclosure/2017/Sep/91

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/101076

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1039500

[Patch, Vendor Advisory] https://success.trendmicro.com/solution/1118372

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42920/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/541271/100/0/threaded

Scores

CVSS v3 9.8

EPSS 0.3150

EPSS Percentile 96.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (3)

Trend Micro/Trend Micro OfficeScan 11.0, XG (12.0)

trendmicro/officescan 11.0 sp1

trendmicro/officescan 12.0

Published Oct 06, 2017

Tracked Since Feb 18, 2026