QwikSec

Security Database

CVE

CWE

Training

CVE-2017-14086

Published: Oct 5, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.

Vendor	Product	Versions
Trend Micro	Trend Micro OfficeScan	affected `11.0, XG (12.0)`

References

https://success.trendmicro.com/solution/1118372

x_refsource_CONFIRM

http://packetstormsecurity.com/files/144401/TrendMicro-OfficeScan-11.0-XG-12.0-Auth-Start-Code-Execution.html

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086 (apparitionsec / hyp3rlinx)

mailing-list

x_refsource_BUGTRAQ

http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt

x_refsource_MISC

20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Start Remote Process Code Execution / DOS - INI Corruption CVE-2017-14086

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.