CVE-2019-18187
Severity: HIGH | CISA KEV
Trend Micro OfficeScan 11.0/XG 12.0 Path Traversal & RCE via Zip Extraction
Title source: llm
Exploitation Summary
CVE-2019-18187 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.
Description
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker using a directory traversal vulnerability to extract files from an arbitrary zip file into a specific folder on the OfficeScan server, which could lead to remote code execution (RCE). The remote process runs under the web service account, which, depending on the web platform in use, may have restricted permissions. An attempted attack requires user authentication.
Note the tension between this description and the score data on this page: the description states that authentication is required and that the impact is code execution, while the recorded CVSS 3.1 vector (PR:N, C:H/I:N/A:N) models an unauthenticated, confidentiality-only issue. Treat the vector as a scoring artifact and the vendor description as the authoritative statement of preconditions and impact.
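The class of bug described above (CWE-22 reached through archive extraction, often called "zip slip") is easy to see with a small worked example. The following is an added illustration and is not OfficeScan code or anything from the vendor advisory: a naive extractor that trusts entry names is placed beside a hardened one that resolves each entry under the destination and rejects anything that escapes. The archive contents, the directory names and the function names are all constructed for the example; because the target product runs on Windows, the hardened check also treats backslashes as path separators, which a Linux host would otherwise see as ordinary filename characters.

```python
"""Zip-slip (CWE-22 via archive extraction): naive extractor beside a hardened one.
Added example; not code from OfficeScan or the vendor advisory."""
import io
import os
import shutil
import tempfile
import zipfile


def build_sample_zip() -> bytes:
    """Constructed sample archive: one benign entry and two traversal entries
    (forward-slash and backslash forms, since the real target is a Windows server)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("reports/ok.txt", "benign")
        zf.writestr("../../escaped.txt", "landed outside the extraction folder")
        zf.writestr("..\\..\\escaped_bs.txt", "backslash form of the same thing")
    return buf.getvalue()


def extract_naively(zip_bytes: bytes, dest: str) -> list:
    """Vulnerable pattern: joins each entry name onto dest with no containment check."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # attacker controls info.filename
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def safe_target(dest: str, name: str) -> str:
    """Resolve an entry name under dest; raise ValueError if it would escape."""
    dest_abs = os.path.realpath(dest)
    norm = name.replace("\\", "/")  # Windows-style separators count as separators
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        raise ValueError(f"absolute entry name rejected: {name!r}")
    target = os.path.realpath(os.path.join(dest_abs, norm))
    # After resolution the target must still sit at or below dest_abs.
    if os.path.commonpath([dest_abs, target]) != dest_abs:
        raise ValueError(f"traversal entry rejected: {name!r}")
    return target


def extract_safely(zip_bytes: bytes, dest: str) -> tuple:
    """Hardened extractor: returns (paths written, entry names rejected)."""
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                target = safe_target(dest, info.filename)
            except ValueError:
                rejected.append(info.filename)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written, rejected


def demo() -> dict:
    """Run both extractors into nested temp dirs so any escape stays inside tmp."""
    root = tempfile.mkdtemp()
    try:
        naive_dest = os.path.join(root, "naive", "a", "b")
        safe_dest = os.path.join(root, "safe", "a", "b")
        os.makedirs(naive_dest)
        os.makedirs(safe_dest)
        data = build_sample_zip()

        naive_dest_abs = os.path.realpath(naive_dest)
        naive_paths = extract_naively(data, naive_dest)
        escaped = [p for p in naive_paths
                   if os.path.commonpath([naive_dest_abs, p]) != naive_dest_abs]

        written, rejected = extract_safely(data, safe_dest)
        return {
            "naive_escaped": len(escaped),      # >= 1 on Linux, 2 on Windows
            "safe_written": len(written),       # only reports/ok.txt
            "safe_rejected": sorted(rejected),  # both traversal entries
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

On a Linux host the backslash entry is written by the naive extractor as a single oddly named file inside the destination, so only one entry escapes there; on Windows both do. The hardened extractor rejects both regardless of host, which is the behaviour to test for when reviewing any server-side unzip routine.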
References (3)
Vendor Advisory (broken link; CVE reference tag x_refsource_misc)
https://success.trendmicro.com/solution/000151730
Vendor Advisory
https://web.archive.org/web/20200215171235/https://success.trendmicro.com/solution/000151730
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-18187
Scores
CVSS v3
7.5
EPSS
0.8064
EPSS Percentile
99.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2021-11-03
VulnCheck KEV
2019-10-28
InTheWild.io
2019-10-28
ENISA EUVD
EUVD-2019-7990
CWE
CWE-22
Status
published
Products (2)
trendmicro/officescan
11.0 sp1
trendmicro/officescan
xg (2 CPE variants)
Published
Oct 28, 2019
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026