HTTP: Trend Micro OfficeScan Proxy.php Command Injection

This signature detects attempts to exploit a known vulnerability in Trend Micro OfficeScan. Successful exploitation could lead to arbitrary command execution under the security context of the IUSR account.

Extended Description

A proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.

Affected Products

Trendmicro officescan

References

BugTraq: 100130

CVE: CVE-2017-11394

Short Name: HTTP:TM-OFFICESCAN-CI

Severity: Major

Recommended: True

Recommended Action: Drop

Category: HTTP

Keywords: CVE-2017-11394 Command Injection Micro OfficeScan Proxy.php Trend bid:100130

Release Date: 08/21/2017

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3337

False Positive: Unknown

Vendors

Trendmicro

CVSS Score

10.0
