100 matches found
Update Protection against Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability
A vulnerability was reported in Trend Micro HouseCall . HouseCall is an application for checking whether your computer has been infected by viruses, spyware, or other malware. The vulnerability is caused by a use-after-free error in the HouseCall ActiveX control. This can be exploited to...
Trend Micro HouseCall ActiveX control notifyOnLoadNative() uses previously free'd memory
Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll contains a "use-after-free" vulnerability. Usi...
Trend Micro HouseCall ActiveX control does not adequately validate update server parameters
Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll includes an update feature. A web page hosting...
CVE-2008-2435
Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function...
Remote code execution
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder...
CVE-2008-2434
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder...
Design/Logic Flaw
Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function...
CVE-2008-2435
Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function...
CVE-2008-2434
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder...
CVE-2008-2435
CVE-2008-2435 is a use-after-free vulnerability in Trend Micro HouseCall ActiveX control, affecting versions 6.51.0.1028 and 6.6.0.1278 (Housecall_ActiveX.dll). The flaw allows a remote attacker to execute arbitrary code by tricking a user into loading a specially crafted page calling notifyOnLoa...
CVE-2008-2434
Trend Micro HouseCall ActiveX control (Housecall_ActiveX.dll) versions 6.51.0.1028 and 6.6.0.1278 are vulnerable due to an update server parameter that can be exploited to download an arbitrary library to a user-writable path, enabling possible code execution (e.g., via the Startup folder). Root ...
Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution
====================================================================== Secunia Research 22/12/2008 - Trend Micro HouseCall ActiveX Control Arbitrary Code Execution - ====================================================================== Table of Contents Affected...
Trend Micro HouseCall ActiveX memory corruption
Use-after-free vulnerability...
KLA10368 Multiple vulnerabilities in Trend Micro HouseCall
Multiple critical vulnerabilities have been found in Trend Micro HouseCall. Malicious users can exploit these vulnerabilities to execute arbitrary code or download arbitrary files. Below is a complete list of vulnerabilities 1. A use-after-free vulnerability can be exploited remotely via a...
Trend Micro HouseCall notifyOnLoadNative()函数任意代码执行漏洞
CVECAN ID: CVE-2008-2435 HouseCall是用于检查计算机是否被病毒、间谍软件感染的应用程序。 HouseCall ActiveX控件(HousecallActiveX.dll)中存在使用后释放漏洞,如果用户受骗访问了包含有特制notifyOnLoadNative回调函数的网页的话,就会引用之前已释放的内存。成功利用这个漏洞允许在用户机器上执行任意代码。 Trend Micro HouseCall Server Edition - 6.6 Trend Micro ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
[Full-disclosure] Secunia Research: Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability
====================================================================== Secunia Research 21/12/2008 - Trend Micro HouseCall "notifyOnLoadNative" Vulnerability - ====================================================================== Table of Contents Affected...
CVE-2003-0646
Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings...
CVE-2003-0646
Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings...
CVE-2003-0646
CVE-2003-0646 affects Trend Micro HouseCall (ActiveX controls) versions 5.5 and 5.7 and Trend Micro Damage Cleanup Server 1.0. The root cause is multiple buffer overflows in the ActiveX controls triggered by long parameter strings, enabling remote code execution. Affected software exposes vulnera...
[Full-Disclosure] Trend Micro ActiveX Multiple Overflows
Systems affected: HouseCall Trend Micros Online virus scanning service and Damage Cleanup Server version 1.0 Some history: On 06/22/03 in the "Symantec ActiveX control buffer overflow" advisory i put the next at the bottom of it: --------------------------- Important note: I recomend antivirus...