Vulnerabilities (CVE)

Filtered by vendor Trendmicro Subscribe
Filtered by product Officescan
Total 71 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-18189 1 Trendmicro 3 Apex One, Officescan, Worry-free Business Security 2023-12-10 10.0 HIGH 9.8 CRITICAL
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (11.0, XG) and Worry-Free Business Security (9.5, 10.0) may allow an attacker to bypass authentication and log on to an affected product's management console as a root user. The vulnerability does not require authentication.
CVE-2019-18187 2 Microsoft, Trendmicro 2 Windows, Officescan 2023-12-10 5.0 MEDIUM 7.5 HIGH
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.
CVE-2019-19691 2 Microsoft, Trendmicro 3 Windows, Apex One, Officescan 2023-12-10 4.0 MEDIUM 4.9 MEDIUM
A vulnerability in Trend Micro Apex One and OfficeScan XG could allow an attacker to expose a masked credential key by manipulating page elements using development tools. Note that the attacker must already have admin/root privileges on the product console to exploit this vulnerability.
CVE-2019-14688 2 Microsoft, Trendmicro 9 Windows, Control Manager, Endpoint Sensor and 6 more 2023-12-10 5.1 MEDIUM 7.0 HIGH
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run.
CVE-2019-9492 2 Microsoft, Trendmicro 2 Windows, Officescan 2023-12-10 4.6 MEDIUM 7.8 HIGH
A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system.
CVE-2019-9489 2 Microsoft, Trendmicro 6 Windows, Apex One, Apex One As A Service and 3 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
A directory traversal vulnerability in Trend Micro Apex One, OfficeScan (versions XG and 11.0), and Worry-Free Business Security (versions 10.0, 9.5 and 9.0) could allow an attacker to modify arbitrary files on the affected product's management console.
CVE-2018-18331 2 Microsoft, Trendmicro 2 Windows, Officescan 2023-12-10 5.0 MEDIUM 7.5 HIGH
A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations.
CVE-2018-18332 2 Microsoft, Trendmicro 2 Windows, Officescan 2023-12-10 5.0 MEDIUM 7.5 HIGH
A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable installations.
CVE-2018-3608 2 Microsoft, Trendmicro 7 Windows, Antivirus \+ Security, Internet Security and 4 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes.
CVE-2018-10508 1 Trendmicro 1 Officescan 2023-12-10 6.5 MEDIUM 8.8 HIGH
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.
CVE-2018-10359 1 Trendmicro 1 Officescan 2023-12-10 5.4 MEDIUM 6.3 MEDIUM
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2018-10506 1 Trendmicro 1 Officescan 2023-12-10 1.9 LOW 4.7 MEDIUM
A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2018-10505 1 Trendmicro 1 Officescan 2023-12-10 5.4 MEDIUM 6.3 MEDIUM
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2018-10358 1 Trendmicro 1 Officescan 2023-12-10 5.4 MEDIUM 6.3 MEDIUM
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2018-10507 1 Trendmicro 1 Officescan 2023-12-10 2.1 LOW 4.4 MEDIUM
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
CVE-2018-10509 1 Trendmicro 1 Officescan 2023-12-10 4.0 MEDIUM 8.8 HIGH
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability.
CVE-2018-6218 1 Trendmicro 5 Deep Security, Endpoint Sensor, Officescan and 2 more 2023-12-10 5.1 MEDIUM 7.0 HIGH
A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system.
CVE-2017-11394 1 Trendmicro 1 Officescan 2023-12-10 10.0 HIGH 9.8 CRITICAL
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
CVE-2017-11393 1 Trendmicro 1 Officescan 2023-12-10 10.0 HIGH 9.8 CRITICAL
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543.
CVE-2017-14086 1 Trendmicro 1 Officescan 2023-12-10 7.8 HIGH 7.5 HIGH
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.