CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.5%
Added: 09/02/2010
CVE: CVE-2010-3189
BID: 42717
OSVDB: 67561
Trend Micro Internet Security Pro is a virus protection and Internet security product for home users.
A vulnerability in the UfPBCtrl.dll ActiveX control allows command execution when a user loads a web page which calls the extSetOwner function with an invalid address argument.
Apply the hotfix referenced in Solution ID EN-1056426.
<http://www.zerodayinitiative.com/advisories/ZDI-10-165/>
Exploit works on Trend Micro Internet Security Pro 17.50.1647 and requires a user to load the exploit page in Internet Explorer 6 or 7.
Windows