SAINT Corporation
SAINT:55267BD07E1552EDD094FC4D11700004
Sep 02, 2010 - 12:00 a.m.

Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution

2010-09-02 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.956 High
Percentile: 99.4%

Added: 09/02/2010
CVE: CVE-2010-3189
BID: 42717
OSVDB: 67561

Background

Trend Micro Internet Security Pro is a virus protection and Internet security product for home users.

Problem

A vulnerability in the UfPBCtrl.dll ActiveX control allows command execution when a user loads a web page which calls the extSetOwner function with an invalid address argument.

Resolution

Apply the hotfix referenced in Solution ID EN-1056426.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-165/>

Limitations

Exploit works on Trend Micro Internet Security Pro 17.50.1647 and requires a user to load the exploit page in Internet Explorer 6 or 7.

Platforms

Windows
