Critical severity9.8NVD Advisory· Published Oct 6, 2017· Updated May 13, 2026

CVE-2017-14089

Description

An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.

Affected products

Trend Micro/Officescan2 versions
cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:trendmicro:officescan:11.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:trendmicro:officescan:12.0:*:*:*:*:*:*:*
Trend Micro/Trend Micro OfficeScanv5
Range: 11.0, XG (12.0)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

success.trendmicro.com/solution/1118372nvdPatchVendor Advisory
hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txtnvdExploitThird Party Advisory
packetstormsecurity.com/files/144464/TrendMicro-OfficeScan-11.0-XG-12.0-Memory-Corruption.htmlnvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/42920/nvdExploitThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2017/Sep/91nvdMailing ListThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/101076nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039500nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/archive/1/541271/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.025
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000