Vulnerability Details CVE-2017-14089
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.315
EPSS Ranking 96.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txt
- http://packetstormsecurity.com/files/144464/TrendMicro-OfficeScan-11.0-XG-12.0-Memory-Corruption.html
- http://seclists.org/fulldisclosure/2017/Sep/91
- http://www.securityfocus.com/archive/1/541271/100/0/threaded
- http://www.securityfocus.com/bid/101076
- http://www.securitytracker.com/id/1039500
- https://success.trendmicro.com/solution/1118372
- https://www.exploit-db.com/exploits/42920/
- http://hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txt
- http://packetstormsecurity.com/files/144464/TrendMicro-OfficeScan-11.0-XG-12.0-Memory-Corruption.html
- http://seclists.org/fulldisclosure/2017/Sep/91
- http://www.securityfocus.com/archive/1/541271/100/0/threaded
- http://www.securityfocus.com/bid/101076
- http://www.securitytracker.com/id/1039500
- https://success.trendmicro.com/solution/1118372
- https://www.exploit-db.com/exploits/42920/
Products affected by CVE-2017-14089
-
cpe:2.3:a:trendmicro:officescan:11.0
-
cpe:2.3:a:trendmicro:officescan:12.0