cbcvebase.

Trendmicro Officescan vulnerabilities

70 known vulnerabilities affecting trendmicro/officescan.

Total CVEs
70
CISA KEV
6
actively exploited
Public exploits
9
Exploited in wild
7
Severity breakdown
CRITICAL8HIGH28MEDIUM33LOW1

Vulnerabilities

Page 4 of 4
CVE-2009-1435P4LOWCVSS 2.1PoCv8.02009-04-27
CVE-2009-1435 [LOW] CWE-399 CVE-2009-1435: NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to caus NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained from third party information.
nvd
CVE-2018-10358P4MEDIUMCVSS 6.3v11.0vxg2018-06-08
CVE-2018-10358 [MEDIUM] CWE-119 CVE-2018-10358: A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in orde
nvd
CVE-2018-10505P4MEDIUMCVSS 6.3v11.0vxg2018-06-08
CVE-2018-10505 [MEDIUM] CWE-119 CVE-2018-10505: A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in orde
nvd
CVE-2018-10359P4MEDIUMCVSS 6.3v11.0vxg2018-06-08
CVE-2018-10359 [MEDIUM] CWE-119 CVE-2018-10359: A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in orde
nvd
CVE-2019-19691P4MEDIUMCVSS 4.9vxg2019-12-20
CVE-2019-19691 [MEDIUM] CVE-2019-19691: A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability.
nvd
CVE-2021-25248P4MEDIUMCVSS 5.5vxg2021-02-04
CVE-2021-25248 [MEDIUM] CWE-125 CVE-2021-25248: An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the t
nvd
CVE-2017-8801P4MEDIUMCVSS 6.1v11.0v12.02017-05-05
CVE-2017-8801 [MEDIUM] CWE-79 CVE-2017-8801: Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before C Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.
nvd
CVE-2021-28646P4MEDIUMCVSS 5.5vxg2021-04-13
CVE-2021-28646 [MEDIUM] CWE-732 CVE-2021-28646: An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and Office An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected installations.
nvd
CVE-2018-10506P4MEDIUMCVSS 4.7v11.0vxg2018-06-08
CVE-2018-10506 [MEDIUM] CWE-125 CVE-2018-10506: A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target
nvd
CVE-2010-0564P4MEDIUMCVSS 5.0≤ 8.02010-02-10
CVE-2010-0564 [MEDIUM] CWE-119 CVE-2010-0564: Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - B Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in OfficeScan 8.0 before SP1 Patch 5 - Build 3510, possibly tmufeng.dll before 3.0.0.1029, allows attackers to cause a denial of service (crash or OfficeScan hang) via unspecified vectors. NOTE: it is likely that this issue also affects tmufeng.dll before 2.0.0.1049 for OfficeScan 10.0.
nvd
Trendmicro Officescan vulnerabilities | cvebase