First published: Mon Oct 28 2019
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which, depending on the web platform used, may have restricted permissions. An attempted attack requires user authentication.
Credit: security@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trendmicro Officescan | =11.0-sp1 | |
Trendmicro Officescan | =xg | |
Trendmicro Officescan | =xg-sp1 | |
Microsoft Windows | | |
Trend Micro OfficeScan | | |
CVE-2019-18187 is a directory traversal vulnerability in Trend Micro OfficeScan that could potentially lead to remote code execution (RCE).
Trend Micro OfficeScan versions 11.0 and XG (12.0) are affected by CVE-2019-18187.
An attacker can exploit CVE-2019-18187 by utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server.
CVE-2019-18187 has a severity rating of 7.5 (High).
To fix CVE-2019-18187, it is recommended to update to a patched version of Trend Micro OfficeScan.