EIP-2026-118027

PRE-CVE

Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118027. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This advisory details a local privilege escalation vulnerability in Trend Micro OfficeScan XG, where the Image File Execution Options (IFEO) registry key can be manipulated to bypass the Unauthorized Change Prevention Service, allowing arbitrary code execution as SYSTEM upon reboot.

Description

Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass

Exploits (1)

exploitdb WRITEUP VERIFIED

by hyp3rlinx · textlocalwindows

https://www.exploit-db.com/exploits/42890

View Code ZIP pw:eip

This advisory details a local privilege escalation vulnerability in Trend Micro OfficeScan XG, where the Image File Execution Options (IFEO) registry key can be manipulated to bypass the Unauthorized Change Prevention Service, allowing arbitrary code execution as SYSTEM upon reboot.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Trend Micro OfficeScan v11.0 and XG (12.0)

Auth required

Prerequisites: Local access to the target system · Administrator privileges to modify the registry

MITRE ATT&CK

T1546.012 - Image File Execution Options Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026