CVE-2018-10357 – Trend Micro Endpoint Application Control FileDrop Directory Traversal Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2018-10357

A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability. Una vulnerabilidad de salto de directorio en Trend Micro Endpoint Application Control 2.0 podría permitir que un atacante remoto ejecute código arbitrarias en instalaciones vulnerables debido a un error en el servlet FileDrop. Se requiere autenticación para explotar esta vulnerabilidad. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Endpoint Application Control. • http://www.securityfocus.com/bid/104355 https://success.trendmicro.com/solution/1119811 https://www.zerodayinitiative.com/advisories/ZDI-18-469 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •