Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	APP:MISC:TREND-MICRO-CM-SQLI
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	APP
Keywords	Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection
Release Date	2017/08/21
Update Number	2982
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection

This signature detects attempts to exploit a known vulnerability in the Trend Micro Control Manager. Successful exploitation of this vulnerability, in conjunction with other vulnerabilities, could lead to code execution under the security context of the database.

Extended Description

SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561.

Affected Products

Trendmicro control_manager 6.0

References

BugTraq: 100078
CVE: CVE-2017-11384

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

APP: Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection

Extended Description

Affected Products

References