CVE-2018-10507

MEDIUM

Trend Micro OfficeScan <11.0 SP1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10507. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This is a writeup describing a vulnerability in Trend Micro OfficeScan XG v11.0 where unauthorized changes can be made to bypass protection features. The exploit involves creating a user, modifying a service configuration, and restarting the system to gain control over protected processes.

Description

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.

Exploits (1)

exploitdb WRITEUP VERIFIED
by hyp3rlinx · textlocalwindows
https://www.exploit-db.com/exploits/44858

This is a writeup describing a vulnerability in Trend Micro OfficeScan XG v11.0 where unauthorized changes can be made to bypass protection features. The exploit involves creating a user, modifying a service configuration, and restarting the system to gain control over protected processes.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Trend Micro OfficeScan XG v11.0
Auth required
Prerequisites: Local access to the system · Administrative privileges
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1119961
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44858/

Scores

CVSS v3 4.4
EPSS 0.0136
EPSS Percentile 68.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (2)
trendmicro/officescan 11.0 sp1
trendmicro/officescan xg (2 CPE variants)
Published Jun 12, 2018
Tracked Since Feb 18, 2026