CVE-2019-18187
Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- October 17, 2019
- Published Date
- October 28, 2019
- Last Updated
- February 06, 2025
- Vendor
- Trend Micro
- Product
- Trend Micro OfficeScan
- Description
- Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which depending on the web platform used may have restricted permissions. An attempted attack requires user authentication.
CVSS Scores
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (added 2021-11-03 00:00:00 UTC) Source
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |