High severity7.0NVD Advisory· Published Oct 6, 2017· Updated May 13, 2026

CVE-2017-14088

Description

Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability.

Affected products

Trend Micro/Trend Micro OfficeScanv5
Range: 11.0, XG (12.0)
Trend Micro/Officescan
cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*
Trend Micro/Officescan Xg
cpe:2.3:a:trendmicro:officescan_xg:12.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

success.trendmicro.com/solution/1118372nvdPatchVendor Advisory
www.securityfocus.com/bid/101070nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039500nvdThird Party AdvisoryVDB Entry
www.zerodayinitiative.com/advisories/ZDI-17-828nvdThird Party AdvisoryVDB Entry
www.zerodayinitiative.com/advisories/ZDI-17-829nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000