CVE-2017-14078
critical
CVSS v3
9.8
CVSS v4 NEW
โ
VIR risk
9.8
Description
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
Predictions
Exploit likelihood
97%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| trendmicro | mobile_security | 9.7 | |
References
- http://www.securityfocus.com/bid/100966
- http://www.zerodayinitiative.com/advisories/ZDI-17-739
- http://www.zerodayinitiative.com/advisories/ZDI-17-740
- http://www.zerodayinitiative.com/advisories/ZDI-17-741
- http://www.zerodayinitiative.com/advisories/ZDI-17-742
- http://www.zerodayinitiative.com/advisories/ZDI-17-743
- http://www.zerodayinitiative.com/advisories/ZDI-17-744
- http://www.zerodayinitiative.com/advisories/ZDI-17-745
- http://www.zerodayinitiative.com/advisories/ZDI-17-746
- http://www.zerodayinitiative.com/advisories/ZDI-17-747
- http://www.zerodayinitiative.com/advisories/ZDI-17-748
- http://www.zerodayinitiative.com/advisories/ZDI-17-749
- http://www.zerodayinitiative.com/advisories/ZDI-17-750
- http://www.zerodayinitiative.com/advisories/ZDI-17-751
- http://www.zerodayinitiative.com/advisories/ZDI-17-753
- http://www.zerodayinitiative.com/advisories/ZDI-17-754
- http://www.zerodayinitiative.com/advisories/ZDI-17-755
- http://www.zerodayinitiative.com/advisories/ZDI-17-756
- http://www.zerodayinitiative.com/advisories/ZDI-17-757
- http://www.zerodayinitiative.com/advisories/ZDI-17-758
- http://www.zerodayinitiative.com/advisories/ZDI-17-759
- http://www.zerodayinitiative.com/advisories/ZDI-17-760
- http://www.zerodayinitiative.com/advisories/ZDI-17-761
- http://www.zerodayinitiative.com/advisories/ZDI-17-762
- http://www.zerodayinitiative.com/advisories/ZDI-17-763
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.