What is CVE-2017-14088?

CVE-2017-14088 is a high-severity vulnerability in Trend Micro Officescan, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.0/10. Published 2017-10-06.

How severe is CVE-2017-14088?

High severity. CVSS v3 base score is 7.0 out of 10.

Buffer overflow in Trend Micro Officescan

CVE-2017-14088

Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (28.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.0 (High). Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Trend Micro Officescan — versions 11.0, XG (12.0)
Trendmicro Officescan — versions 11.0
Trendmicro Officescan_xg — versions 12.0

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

security@trendmicro.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
security@trendmicro.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security@trendmicro.com (VDB Entry, Third Party Advisory, x_refsource_MISC)
security@trendmicro.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
security@trendmicro.com (VDB Entry, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2017-14088?: CVE-2017-14088 is a high-severity vulnerability in Trend Micro Officescan, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.0/10. Published 2017-10-06.
How severe is CVE-2017-14088?: High severity. CVSS v3 base score is 7.0 out of 10.