Arbitrary Code Execution Vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1

CVE-2017-11391 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.

Learn more about our Web Application Penetration Testing UK.