Trend Micro Endpoint Application Control CVE-2018-10357 Directory Traversal Vulnerability

Bugtraq ID:	104355
Class:	Input Validation Error
CVE:	CVE-2018-10357
Remote:	Yes
Local:	No
Published:	May 17 2018 12:00AM
Updated:	May 17 2018 12:00AM
Credit:	Anonymous working with Trend Micro's Zero Day Initiative
Vulnerable:	Trend Micro Endpoint Application Control 2.0
Not Vulnerable:	Trend Micro Endpoint Application Control 2.0 SP1 CP3 (B1741)

Trend Micro Endpoint Application Control CVE-2018-10357 Directory Traversal Vulnerability

Trend Micro Endpoint Application Control is prone to a directory-traversal vulnerability.

Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to execute arbitrary code. Failed exploit attempts will result in a denial-of-service condition.

Endpoint Application Control 2.0 is vulnerable; other versions may also be vulnerable.

Trend Micro Endpoint Application Control CVE-2018-10357 Directory Traversal Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Trend Micro Endpoint Application Control CVE-2018-10357 Directory Traversal Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.