SB2018060822 - Multiple vulnerabilities in OfficeScan
Published: June 8, 2018 Updated: August 8, 2020
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Input validation error (CVE-ID: CVE-2018-10507)
The vulnerability allows a local privileged user to manipulate data.
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
2) Input validation error (CVE-ID: CVE-2018-10508)
The vulnerability allows a remote authenticated user to execute arbitrary code.
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. An attacker must already have at least guest privileges in order to exploit this vulnerability.
3) Input validation error (CVE-ID: CVE-2018-10509)
The vulnerability allows a remote authenticated user to execute arbitrary code.
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using an AD logon user account in order to exploit this vulnerability.
4) Buffer overflow (CVE-ID: CVE-2018-10358)
The vulnerability allows a local authenticated user to escalate privileges.
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x2200B4 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
5) Buffer overflow (CVE-ID: CVE-2018-10359)
The vulnerability allows a local authenticated user to escalate privileges.
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220078 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
6) Buffer overflow (CVE-ID: CVE-2018-10505)
The vulnerability allows a local authenticated user to escalate privileges.
A pool corruption privilege escalation vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within the processing of IOCTL 0x220008 in the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
7) Out-of-bounds read (CVE-ID: CVE-2018-10506)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the processing of IOCTL 0x220004 by the TMWFP driver in Trend Micro OfficeScan 11.0 SP1 and XG, which could allow a local attacker to disclose sensitive information on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt
- https://success.trendmicro.com/solution/1119961
- https://www.exploit-db.com/exploits/44858/
- https://www.zerodayinitiative.com/advisories/ZDI-18-565/
- https://www.zerodayinitiative.com/advisories/ZDI-18-564/
- https://www.zerodayinitiative.com/advisories/ZDI-18-563/
- https://www.zerodayinitiative.com/advisories/ZDI-18-566/