Buffer overflow in Trend Micro OfficeScan
CVE-2017-14089
An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.
Vulnerability class: Buffer Overflow
EPSS: 0.315 (96.9th percentile)
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Trend Micro Officescan — versions 11.0, XG (12.0)
- Trendmicro Officescan — versions 11.0, 12.0
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2017-14089?
- CVE-2017-14089 is a critical-severity vulnerability in Trend Micro OfficeScan, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 9.8/10. Published 2017-10-06.
- How severe is CVE-2017-14089?
- Critical severity. CVSS v3 base score is 9.8 out of 10.