CVE-2017-14086
Trend Micro OfficeScan 11.0/XG (12.0) - Code Execution / Memory Corruption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
Vulnerabilidades de proceso remoto de inicio de preautorización en Trend Micro OfficeScan 11.0 y XG puede permitir que usuarios no autenticados con acceso al servidor OfficeScan ejecuten el archivo fcgiOfcDDA.exe o provoquen una potencial corrupción de archivos ini. Esto podría dar lugar a que el espacio de disco del servidor se consuma con archivos de volcados de peticiones HTTP continuas.
TrendMicro OfficeScan versions 11.0 and XG (12.0) suffer from Start Remote Process code execution and denial of service vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-31 CVE Reserved
- 2017-09-29 CVE Published
- 2024-01-09 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/144401/TrendMicro-OfficeScan-11.0-XG-12.0-Auth-Start-Code-Execution.html | Third Party Advisory | |
http://seclists.org/fulldisclosure/2017/Sep/88 | Mailing List | |
http://www.securityfocus.com/archive/1/541274/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/101076 | Third Party Advisory | |
http://www.securitytracker.com/id/1039500 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://success.trendmicro.com/solution/1118372 | 2019-10-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trendmicro Search vendor "Trendmicro" | Officescan Search vendor "Trendmicro" for product "Officescan" | 11.0 Search vendor "Trendmicro" for product "Officescan" and version "11.0" | sp1 |
Affected
| ||||||
Trendmicro Search vendor "Trendmicro" | Officescan Search vendor "Trendmicro" for product "Officescan" | 12.0 Search vendor "Trendmicro" for product "Officescan" and version "12.0" | - |
Affected
|