High severity7.5NVD Advisory· Published Oct 6, 2017· Updated May 13, 2026

CVE-2017-14086

Description

Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.

Affected products

Trend Micro/Trend Micro OfficeScanv5
Range: 11.0, XG (12.0)
Trend Micro/Officescan2 versions
cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:officescan:12.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

success.trendmicro.com/solution/1118372nvdPatchVendor Advisory
hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txtnvdExploitThird Party Advisory
packetstormsecurity.com/files/144401/TrendMicro-OfficeScan-11.0-XG-12.0-Auth-Start-Code-Execution.htmlnvdThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2017/Sep/88nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/101076nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039500nvdThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/42892/nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/541274/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.011
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000