Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Officescan
(Trendmicro)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 71 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-10-06 | CVE-2017-14086 | Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests. | Officescan | 7.5 | ||
| 2017-10-06 | CVE-2017-14084 | A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. | Officescan | 8.1 | ||
| 2017-10-06 | CVE-2017-14083 | A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. | Officescan | 7.5 | ||
| 2019-07-26 | CVE-2019-9492 | A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system. | Officescan | 7.8 | ||
| 2018-07-06 | CVE-2018-3608 | A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. | Antivirus_\+_security, Internet_security, Maximum_security, Officescan, Officescan_monthly, Premium_security | 9.8 | ||
| 2018-06-12 | CVE-2018-10509 | A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability. | Officescan | 8.8 | ||
| 2018-06-12 | CVE-2018-10508 | A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability. | Officescan | 8.8 | ||
| 2018-06-12 | CVE-2018-10507 | A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability. | Officescan | 4.4 | ||
| 2018-06-08 | CVE-2018-10506 | A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Officescan | 4.7 | ||
| 2018-06-08 | CVE-2018-10505 | A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | Officescan | 6.3 |