CVE-2019-9492

CVE-2019-9492 is a DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG. The issue allows an authenticated, locally logged-in attacker to execute code and terminate the product’s process, effectively disabling endpoint protection. The description states prerequisites are authe...

CVE-2018-10509

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability...

Code injection

A potential Man-in-the-Middle MitM attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations...

CVE-2017-14088

Trend Micro OfficeScan (11.0 and XG) is affected by a local memory-corruption vulnerability in tmwfp.sys that allows a low-privilege attacker to gain kernel-level code execution. Exploitation relies on handling of IOCTLs in tmwfp.sys, enabling privilege escalation without user interaction. Severa...

CVE-2017-5481

Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation...