← back
CVE-2017-11394

CVE-2017-11394

EPSS 66.8%
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
Affected products
Trend Micro · Trend Micro OfficeScan
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42971/unverifiedexploitdbwww.exploit-db.com/exploits/42971unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://success.trendmicro.com/solution/1117769https://www.exploit-db.com/exploits/42971/http://www.securityfocus.com/bid/100130http://www.zerodayinitiative.com/advisories/ZDI-17-521