Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiZer0b4byZDI-17-828
HistorySep 27, 2017 - 12:00 a.m.

Trend Micro OfficeScan tmwfp Memory Corruption Privilege Escalation Vulnerability

2017-09-2700:00:00
zer0b4by
www.zerodayinitiative.com
11

0.001 Low

EPSS

Percentile

28.6%

JSON

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Trend Micro OfficeScan. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of IOCTL 0x220008 within tmwfp.sys. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges to resources normally reserved for the kernel.

Related

cve 1
prion 1
cvelist 1
nvd 1
zdi 1
nessus 1
openvas 1
cve
cve
CVE-2017-14088
2017-10-06 01:29:01
prion
prion
Privilege escalation
2017-10-06 01:29:00
cvelist
cvelist
CVE-2017-14088
2017-10-05 13:00:00
nvd
nvd
CVE-2017-14088
2017-10-06 01:29:01
zdi
zdi
Trend Micro OfficeScan tmwfp Memory Corruption Privilege Escalation Vulnerability
2017-09-27 00:00:00
nessus
nessus
Trend Micro OfficeScan cgiShowClientAdm Remote Memory Corruption
2017-10-19 00:00:00
openvas
openvas
Trend Micro OfficeScan Multiple Vulnerabilities (Oct 2017)
2017-11-02 00:00:00

0.001 Low

EPSS

Percentile

28.6%

JSON
Related for ZDI-17-828
cve1prion1cvelist1nvd1zdi1nessus1openvas1