Vulnerability identifier: #VU37054

Vulnerability risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-10507

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
OfficeScan
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: Trend Micro

Description

The vulnerability allows a local privileged user to manipulate data.

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OfficeScan: 11.0 - XG

---

External links
http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt
http://success.trendmicro.com/solution/1119961
http://www.exploit-db.com/exploits/44858/

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.