Trend MicroHouseCall ActiveX Control "notifyOnLoadNative()" Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 22 Dec 2008 4768 Views

RISK: Medium Risk

A vulnerability has been identified in Trend Micro HouseCall, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a use-after-free error in the HouseCall ActiveX control (Housecall_ActiveX.dll). This can be exploited to dereference previously freed memory by tricking the user into opening a web page containing a specially crafted "notifyOnLoadNative()" callback function.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in versions 6.51.0.1028 and 6.6.0.1278. Other versions may also be affected.

Impact

Remote Code Execution

System / Technologies affected

Trend Micro HouseCall ActiveX Control 6.x
Trend Micro HouseCall Server 6.x

Solutions

Before installation of the software, please visit the software manufacturerweb-site for more details.
Remove the ActiveX control and install version 6.6.0.1285:
http://prerelease.trendmicro-europe.com/hc66/launch/
HouseCall Server Edition - Apply hotfix B1285 :
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646

Vulnerability Identifier

CVE-2008-2435

Source

Share with

BitDefenderfor Linux PE File Handling Memory Corruption Vulnerability

22 Dec 2008 4792 Views

RealNetworks Helix Server Multiple Vulnerabilities

2 Jan 2009 4837 Views