CVE-2017-14088

Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.
References
Link Resource
https://success.trendmicro.com/solution/1118372 Patch Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-17-829 Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-828 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039500 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101070 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:trendmicro:officescan_xg:12.0:*:*:*:*:*:*:*
cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*

Information

Published : 2017-10-05 18:29

Updated : 2017-10-13 11:05


NVD link : CVE-2017-14088

Mitre link : CVE-2017-14088


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

trendmicro

  • officescan_xg
  • officescan