Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-14088

Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Published

2017-10-06T01:29:01.067

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 7.0 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	officescan	11.0	Yes
Application	trendmicro	officescan_xg	12.0	Yes

References

http://www.securityfocus.com/bid/101070 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1039500 Third Party Advisory, VDB Entry ([email protected])
http://www.zerodayinitiative.com/advisories/ZDI-17-828 Third Party Advisory, VDB Entry ([email protected])
http://www.zerodayinitiative.com/advisories/ZDI-17-829 Third Party Advisory, VDB Entry ([email protected])
https://success.trendmicro.com/solution/1118372 Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/101070 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039500 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-17-828 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-17-829 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://success.trendmicro.com/solution/1118372 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)