CVE-2017-11393

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.

Published: Aug 3, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-11393
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
trendmicro / officescan	12.0	12.0.x
trendmicro / officescan	11.0-sp1	11.0-sp1.x

http://www.securityfocus.com/bid/100127
http://www.zerodayinitiative.com/advisories/ZDI-17-522
https://success.trendmicro.com/solution/1117769

Vulnerability Database

289,784

CVE-2017-11393