Intrusion Prevention

Trend.Micro.Mobile.Security.Enterprise.Arbitrary.File.Upload

Description

This indicates an attack attempt to exploit an Arbitrary File Upload vulnerability in Trend Micro Mobile Security Enterprise.
The vulnerability is caused by an error when the application handles a malicious upload_img_file request. A remote attacker can exploit this to send a crafted HTTP POST request to execute arbitrary code on vulnerable systems.

Affected Products

Trend Micro Mobile Security (Enterprise) prior to 9.7 Patch 3 (b2406)

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrades or patches from the vendor.
https://success.trendmicro.com/solution/1118224

CVE References

CVE-2017-14079