CVE-2017-14086
CVE-2017-14086
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
Affected products
Trend Micro · Trend Micro OfficeScanpublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/144401/TrendMicro-OfficeScan-11.0-XG-12.0-Auth-Start-Code-Execution.htmlunverifiedcve_referencewww.exploit-db.com/exploits/42892/unverifiedexploitdbwww.exploit-db.com/exploits/42892unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txthttp://packetstormsecurity.com/files/144401/TrendMicro-OfficeScan-11.0-XG-12.0-Auth-Start-Code-Execution.htmlhttp://seclists.org/fulldisclosure/2017/Sep/88https://success.trendmicro.com/solution/1118372https://www.exploit-db.com/exploits/42892/http://www.securityfocus.com/archive/1/541274/100/0/threadedhttp://www.securityfocus.com/bid/101076http://www.securitytracker.com/id/1039500