Lucene search

SAINT CorporationSAINT:C139EA08330C6CA8D5976C7CA52617F9

HistorySep 02, 2010 - 12:00 a.m.

Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution

2010-09-0200:00:00

SAINT Corporation

my.saintcorporation.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.957

Percentile

99.5%

JSON

Added: 09/02/2010
CVE: CVE-2010-3189
BID: 42717
OSVDB: 67561

Background

Trend Micro Internet Security Pro is a virus protection and Internet security product for home users.

Problem

A vulnerability in the UfPBCtrl.dll ActiveX control allows command execution when a user loads a web page which calls the extSetOwner function with an invalid address argument.

Resolution

Apply the hotfix referenced in Solution ID EN-1056426.

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-165/>

Limitations

Exploit works on Trend Micro Internet Security Pro 17.50.1647 and requires a user to load the exploit page in Internet Explorer 6 or 7.

Platforms

Windows

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.957

Percentile

99.5%

JSON

Related for SAINT:C139EA08330C6CA8D5976C7CA52617F9