Input validation error in OfficeScan - CVE-2018-10507
Published: June 12, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU37054
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-10507
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Trend Micro
Affected software:
OfficeScan
OfficeScan
Detailed vulnerability description
The vulnerability allows a local privileged user to manipulate data.
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.
How to mitigate CVE-2018-10507
Install update from vendor's website.