Lucene search
K

100 matches found

Check Point Advisories
Check Point Advisories
added 2009/01/23 12:0 a.m.5 views

Update Protection against Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability

A vulnerability was reported in Trend Micro HouseCall . HouseCall is an application for checking whether your computer has been infected by viruses, spyware, or other malware. The vulnerability is caused by a use-after-free error in the HouseCall ActiveX control. This can be exploited to...

9.3CVSS7AI score0.06998EPSS
Exploits1
CERT
CERT
added 2008/12/25 12:0 a.m.27 views

Trend Micro HouseCall ActiveX control notifyOnLoadNative() uses previously free'd memory

Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll contains a "use-after-free" vulnerability. Usi...

9.3CVSS7.8AI score0.06998EPSS
Exploits1References5
CERT
CERT
added 2008/12/25 12:0 a.m.26 views

Trend Micro HouseCall ActiveX control does not adequately validate update server parameters

Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll includes an update feature. A web page hosting...

9.3CVSS7.7AI score0.06998EPSS
Exploits0References6
NVD
NVD
added 2008/12/23 6:30 p.m.18 views

CVE-2008-2435

Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function...

9.3CVSS7.4AI score0.06998EPSS
Exploits1References10
Prion
Prion
added 2008/12/23 6:30 p.m.18 views

Remote code execution

The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder...

9.3CVSS7.8AI score0.06998EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2008/12/23 6:30 p.m.20 views

CVE-2008-2434

The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder...

9.3CVSS7.2AI score0.06998EPSS
Exploits0References10
Prion
Prion
added 2008/12/23 6:30 p.m.18 views

Design/Logic Flaw

Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function...

9.3CVSS8AI score0.06998EPSS
Exploits1References10Affected Software1
Cvelist
Cvelist
added 2008/12/23 6:13 p.m.26 views

CVE-2008-2435

Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function...

7.8AI score0.06998EPSS
Exploits1References10
Cvelist
Cvelist
added 2008/12/23 6:13 p.m.24 views

CVE-2008-2434

The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder...

7.8AI score0.06998EPSS
Exploits0References10
CVE
CVE
added 2008/12/23 6:13 p.m.53 views

CVE-2008-2435

CVE-2008-2435 is a use-after-free vulnerability in Trend Micro HouseCall ActiveX control, affecting versions 6.51.0.1028 and 6.6.0.1278 (Housecall_ActiveX.dll). The flaw allows a remote attacker to execute arbitrary code by tricking a user into loading a specially crafted page calling notifyOnLoa...

9.3CVSS7.7AI score0.06998EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2008/12/23 6:13 p.m.58 views

CVE-2008-2434

Trend Micro HouseCall ActiveX control (Housecall_ActiveX.dll) versions 6.51.0.1028 and 6.6.0.1278 are vulnerable due to an update server parameter that can be exploited to download an arbitrary library to a user-writable path, enabling possible code execution (e.g., via the Startup folder). Root ...

9.3CVSS7.7AI score0.06998EPSS
Exploits0References10Affected Software1
securityvulns
securityvulns
added 2008/12/23 12:0 a.m.30 views

Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution

====================================================================== Secunia Research 22/12/2008 - Trend Micro HouseCall ActiveX Control Arbitrary Code Execution - ====================================================================== Table of Contents Affected...

9.3CVSS1AI score0.06998EPSS
Exploits0
securityvulns
securityvulns
added 2008/12/23 12:0 a.m.22 views

Trend Micro HouseCall ActiveX memory corruption

Use-after-free vulnerability...

2.5AI score
Exploits0References2Affected Software1
Kaspersky
Kaspersky
added 2008/12/23 12:0 a.m.44 views

KLA10368 Multiple vulnerabilities in Trend Micro HouseCall

Multiple critical vulnerabilities have been found in Trend Micro HouseCall. Malicious users can exploit these vulnerabilities to execute arbitrary code or download arbitrary files. Below is a complete list of vulnerabilities 1. A use-after-free vulnerability can be exploited remotely via a...

9.3CVSS7.8AI score0.06998EPSS
Exploits1References2
seebug.org
seebug.org
added 2008/12/23 12:0 a.m.42 views

Trend Micro HouseCall notifyOnLoadNative()函数任意代码执行漏洞

CVECAN ID: CVE-2008-2435 HouseCall是用于检查计算机是否被病毒、间谍软件感染的应用程序。 HouseCall ActiveX控件(HousecallActiveX.dll)中存在使用后释放漏洞,如果用户受骗访问了包含有特制notifyOnLoadNative回调函数的网页的话,就会引用之前已释放的内存。成功利用这个漏洞允许在用户机器上执行任意代码。 Trend Micro HouseCall Server Edition - 6.6 Trend Micro ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

9.3CVSS6.4AI score0.06998EPSS
Exploits1
securityvulns
securityvulns
added 2008/12/22 12:0 a.m.40 views

[Full-disclosure] Secunia Research: Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability

====================================================================== Secunia Research 21/12/2008 - Trend Micro HouseCall "notifyOnLoadNative" Vulnerability - ====================================================================== Table of Contents Affected...

9.3CVSS0.4AI score0.06998EPSS
Exploits1
NVD
NVD
added 2003/08/27 4:0 a.m.21 views

CVE-2003-0646

Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings...

7.5CVSS7.8AI score0.02632EPSS
Exploits0References2
Cvelist
Cvelist
added 2003/08/05 4:0 a.m.22 views

CVE-2003-0646

Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings...

7.8AI score0.02632EPSS
Exploits0References2
CVE
CVE
added 2003/08/05 4:0 a.m.56 views

CVE-2003-0646

CVE-2003-0646 affects Trend Micro HouseCall (ActiveX controls) versions 5.5 and 5.7 and Trend Micro Damage Cleanup Server 1.0. The root cause is multiple buffer overflows in the ActiveX controls triggered by long parameter strings, enabling remote code execution. Affected software exposes vulnera...

7.5CVSS7.9AI score0.02632EPSS
Exploits0References2Affected Software2
securityvulns
securityvulns
added 2003/07/13 12:0 a.m.26 views

[Full-Disclosure] Trend Micro ActiveX Multiple Overflows

Systems affected: HouseCall Trend Micros Online virus scanning service and Damage Cleanup Server version 1.0 Some history: On 06/22/03 in the "Symantec ActiveX control buffer overflow" advisory i put the next at the bottom of it: --------------------------- Important note: I recomend antivirus...

1.3AI score
Exploits0
Rows per page
Query Builder