Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution (RCE). The remote process execution is bound to a web service account, which, depending on the web platform used, may have restricted permissions. An attempted attack requires user authentication.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 06 Feb 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: trendmicro

Published:

Updated: 2025-07-30T01:45:55.015Z

Reserved: 2019-10-17T00:00:00.000Z

Link: CVE-2019-18187

Vulnrichment

Updated: 2024-08-05T01:47:13.639Z

NVD

Status: Analyzed

Published: 2019-10-28T20:15:11.003

Modified: 2025-02-12T20:44:22.337

Link: CVE-2019-18187

Redhat

No data.

OpenCVE Enrichment

No data.