Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-14089

CWE-119Buffer Overflow4 documents4 sources
Severity
9.8CRITICAL
EPSS
31.5%
top 3.21%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Trend Micro Trend Micro OfficescanTrendmicro Officescan
Timeline
PublishedOct 6
Latest updateMay 14

Description

An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDtrendmicro/officescan11.0, 12.0+1
CVEListV5trend_micro/trend_micro_officescan11.0, XG (12.0)

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-j7hg-q2fc-mphj: An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 112022-05-14
CVEList
CVE-2017-14089: An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 112017-10-05

💥Exploits & PoCs

1
Exploit-DB
Trend Micro OfficeScan 11.0/XG (12.0) - Memory Corruption2017-09-29
CVE-2017-14089 (CRITICAL CVSS 9.8) | An Unauthorized Memory Corruption v | cvebase.io