Main Vulnerability Database Vulnerabilities #VU37054

#VU37054 Input validation error in OfficeScan - CVE-2018-10507

Published: June 12, 2018 / Updated: June 17, 2021

Vulnerability identifier: #VU37054

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-10507

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
OfficeScan

Software vendor:
Trend Micro

Description

The vulnerability allows a local privileged user to manipulate data.

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.

Remediation

Install update from vendor's website.

External links

http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt
https://success.trendmicro.com/solution/1119961
https://www.exploit-db.com/exploits/44858/

#VU37054 Input validation error in OfficeScan - CVE-2018-10507

Description

Remediation

External links

Please verify you're human