CVE-2017-11394: Input Validation
First published: Thu Aug 03 2017(Updated: )
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
Credit: security@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trend Micro OfficeScan | =11.0-sp1 | |
| Trend Micro OfficeScan | =12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11394?
CVE-2017-11394 is considered a high severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2017-11394?
To fix CVE-2017-11394, update Trend Micro OfficeScan to the latest version that patches this vulnerability.
Which versions of Trend Micro OfficeScan are affected by CVE-2017-11394?
CVE-2017-11394 affects Trend Micro OfficeScan versions 11.0-sp1 and 12.0.
What type of vulnerability is CVE-2017-11394?
CVE-2017-11394 is a proxy command injection vulnerability that can allow remote code execution.
Who can exploit CVE-2017-11394?
Remote attackers can exploit CVE-2017-11394 to execute arbitrary code on vulnerable installations.
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/weakness
- agent/type
- agent/event
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/trendmicro
- canonical/trend micro officescan
- version/trend micro officescan/11.0-sp1
- version/trend micro officescan/12.0