CVE-2019-18187

CVSS 8.8 HIGH · EPSS 25.1% · KEV · CWE-22 (Path Traversal)
In short

A directory traversal vulnerability in Trend Micro OfficeScan 11.0 and XG (12.0) lets an authenticated attacker extract files from a crafted zip archive to locations outside the intended extraction folder on the OfficeScan server, which can lead to remote code execution in the context of the web service account. The root cause is that entry paths inside the archive are not validated before the files are written out.

Technical detail

The OfficeScan server's zip extraction routine does not constrain archive entry names to the target directory. A zip file whose entries carry traversal sequences (e.g. ../) is therefore written to paths outside that directory, the classic "zip slip" form of CWE-22. Because the archive is supplied by the caller, an authenticated attacker can place attacker-controlled files where the web application will execute them, giving remote code execution with the privileges of the web service account; how much that account can do depends on the web platform the server is deployed on.
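The defect described above is easiest to see next to its fix. The following is an added example, not OfficeScan code or anything from Trend Micro: a minimal extractor that trusts entry names as they appear in the archive, beside one that resolves each candidate path and refuses anything that lands outside the destination. The archive, its entry names and the sandbox directory are all constructed inside the script so it runs offline.

```python
"""Zip-slip (CWE-22) in an archive extractor: a version that trusts entry
names beside one that confines every entry to the destination directory.

Added illustration, not OfficeScan code; the archive is constructed inline
so the script runs offline in a throwaway temp directory.
"""
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_malicious_zip() -> bytes:
    """Constructed sample archive: one benign entry and one whose name uses
    '../' to climb out of the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "benign content\n")
        zf.writestr("../escaped.txt", "landed outside the extraction dir\n")
    return buf.getvalue()


def extract_unsafe(zip_bytes: bytes, dest: str) -> list:
    """Vulnerable pattern: join the entry name onto dest and write wherever
    the result points. (CPython's extractall() strips '..' itself, so the
    naive join is spelled out by hand to show the defect.)"""
    os.makedirs(dest, exist_ok=True)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # no validation at all
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.normpath(target))
    return written


def is_safe_entry(root: str, name: str) -> bool:
    """Containment check: the entry must be relative (no leading slash, no
    drive letter) and its fully resolved location, with symlinks and '..'
    collapsed, must lie strictly below root."""
    if os.path.isabs(name) or os.path.splitdrive(name)[0]:
        return False
    base = Path(root).resolve()
    target = (base / name).resolve()
    return base in target.parents


def extract_safe(zip_bytes: bytes, dest: str) -> tuple:
    """Hardened pattern: refuse any entry that fails is_safe_entry()."""
    os.makedirs(dest, exist_ok=True)
    base = Path(dest).resolve()
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_entry(dest, info.filename):
                rejected.append(info.filename)
                continue
            target = (base / info.filename).resolve()
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(str(target))
    return written, rejected


def demo() -> dict:
    """Run both extractors on the sample archive inside a fresh sandbox and
    report where each one put the files."""
    sandbox = Path(tempfile.mkdtemp(prefix="zipslip-")).resolve()
    blob = build_malicious_zip()
    unsafe_dir, safe_dir = sandbox / "unsafe", sandbox / "safe"
    extract_unsafe(blob, str(unsafe_dir))
    safe_written, safe_rejected = extract_safe(blob, str(safe_dir))
    return {
        "sandbox": str(sandbox),
        # the unsafe extractor wrote one level above its own directory
        "unsafe_escaped": (sandbox / "escaped.txt").is_file(),
        "safe_rejected": safe_rejected,
        "safe_written": safe_written,
        "safe_contained": all(safe_dir in Path(p).parents for p in safe_written),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check resolves the joined path rather than just scanning the name for "..", so a name such as a/../../x or one that routes through a symlink already present in the destination is caught as well. On Windows, where OfficeScan runs, entry names can also carry backslashes and drive letters; the isabs/splitdrive test handles the drive-qualified case and pathlib treats backslashes as separators there, so the same containment test applies.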

Summary generated and translated by AI from the official description.
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
