Lucene search
SAINT CorporationSAINT:0B3F341FF8E98678C2BC926ED784FF93HistorySep 02, 2010 - 12:00 a.m.
Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution
2010-09-0200:00:00
SAINT Corporation
www.saintcorporation.com
25
EPSS
0.957
Percentile
99.5%
Added: 09/02/2010
CVE: CVE-2010-3189
BID: 42717
OSVDB: 67561
Background
Trend Micro Internet Security Pro is a virus protection and Internet security product for home users.
Problem
A vulnerability in the UfPBCtrl.dll ActiveX control allows command execution when a user loads a web page which calls the extSetOwner function with an invalid address argument.
Resolution
Apply the hotfix referenced in Solution ID EN-1056426.
References
<http://www.zerodayinitiative.com/advisories/ZDI-10-165/>
Limitations
Exploit works on Trend Micro Internet Security Pro 17.50.1647 and requires a user to load the exploit page in Internet Explorer 6 or 7.
Platforms
Windows
Related
saint
saint
Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution
2010-09-02 00:00:00
Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution
2010-09-02 00:00:00
Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution
2010-09-02 00:00:00
cve
cve
CVE-2010-3189
2010-08-31 20:00:02
cvelist
cvelist
CVE-2010-3189
2010-08-31 19:25:00
nvd
nvd
CVE-2010-3189
2010-08-31 20:00:02
exploitdb
exploitdb
nessus
nessus
d2
d2
DSquare Exploit Pack: D2SEC_TISPRO
2010-08-31 20:00:00
exploitpack
exploitpack
packetstorm
packetstorm
canvas
canvas
Immunity Canvas: TRENDMICRO_SETOWNED
2010-08-31 20:00:00
prion
prion
Null pointer dereference
2010-08-31 20:00:00
zdt
zdt
Trend Micro Internet Security Pro ActiveX extSetOwner() Code Execution
2010-10-02 00:00:00
seebug
seebug
checkpoint_advisories
checkpoint_advisories
metasploit
metasploit
openvas
openvas