CVE-2018-10507
MEDIUMTrend Micro OfficeScan <11.0 SP1 - Privilege Escalation
Title source: llmDescription
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by hyp3rlinx · textlocalwindows
https://www.exploit-db.com/exploits/44858
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt
Patch, Vendor Advisory x_refsource_confirm
https://success.trendmicro.com/solution/1119961
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44858/
Scores
CVSS v3
4.4
EPSS
0.0080
EPSS Percentile
74.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (2)
trendmicro/officescan
11.0 sp1
trendmicro/officescan
xg (2 CPE variants)
Published
Jun 12, 2018
Tracked Since
Feb 18, 2026