Lucene search
SAINT CorporationSAINT:E7F590FC05979C3413CE481531A2F616HistorySep 02, 2010 - 12:00 a.m.
Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution
2010-09-0200:00:00
SAINT Corporation
download.saintcorporation.com
19
0.956 High
EPSS
Percentile
99.4%
Added: 09/02/2010
CVE: CVE-2010-3189
BID: 42717
OSVDB: 67561
Background
Trend Micro Internet Security Pro is a virus protection and Internet security product for home users.
Problem
A vulnerability in the UfPBCtrl.dll ActiveX control allows command execution when a user loads a web page which calls the extSetOwner function with an invalid address argument.
Resolution
Apply the hotfix referenced in Solution ID EN-1056426.
References
<http://www.zerodayinitiative.com/advisories/ZDI-10-165/>
Limitations
Exploit works on Trend Micro Internet Security Pro 17.50.1647 and requires a user to load the exploit page in Internet Explorer 6 or 7.
Platforms
Windows
Related
cve
cve
CVE-2010-3189
2010-08-31 20:00:02
saint
saint
Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution
2010-09-02 00:00:00
Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution
2010-09-02 00:00:00
Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution
2010-09-02 00:00:00
nessus
nessus
d2
d2
DSquare Exploit Pack: D2SEC_TISPRO
2010-08-31 20:00:00
exploitpack
exploitpack
packetstorm
packetstorm
openvas
openvas
seebug
seebug
checkpoint_advisories
checkpoint_advisories
metasploit
metasploit
exploitdb
exploitdb
cvelist
cvelist
CVE-2010-3189
2010-08-31 19:25:00
nvd
nvd
CVE-2010-3189
2010-08-31 20:00:02
canvas
canvas
Immunity Canvas: TRENDMICRO_SETOWNED
2010-08-31 20:00:00
prion
prion
Null pointer dereference
2010-08-31 20:00:00