CVE-2017-14088

CWE-119Buffer Overflow3 documents3 sources
Severity
7.0HIGH
EPSS
0.1%
top 70.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Trend Micro Trend Micro OfficescanTrendmicro OfficescanTrendmicro Officescan XG
Timeline
PublishedOct 6
Latest updateMay 17

Description

Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

CVEListV5trend_micro/trend_micro_officescan11.0, XG (12.0)

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-qpr5-522c-rj7q: Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 112022-05-17
CVEList
CVE-2017-14088: Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 112017-10-05
CVE-2017-14088 (HIGH CVSS 7) | Memory Corruption Privilege Escalat | cvebase.io