3 matches found
CVE-2008-2435
CVE-2008-2435 is a use-after-free vulnerability in Trend Micro HouseCall ActiveX control, affecting versions 6.51.0.1028 and 6.6.0.1278 (Housecall_ActiveX.dll). The flaw allows a remote attacker to execute arbitrary code by tricking a user into loading a specially crafted page calling notifyOnLoa...
Trend Micro HouseCall notifyOnLoadNative()函数任意代码执行漏洞
CVECAN ID: CVE-2008-2435 HouseCall是用于检查计算机是否被病毒、间谍软件感染的应用程序。 HouseCall ActiveX控件(HousecallActiveX.dll)中存在使用后释放漏洞,如果用户受骗访问了包含有特制notifyOnLoadNative回调函数的网页的话,就会引用之前已释放的内存。成功利用这个漏洞允许在用户机器上执行任意代码。 Trend Micro HouseCall Server Edition - 6.6 Trend Micro ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
[Full-disclosure] Secunia Research: Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability
====================================================================== Secunia Research 21/12/2008 - Trend Micro HouseCall "notifyOnLoadNative" Vulnerability - ====================================================================== Table of Contents Affected...