Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution
Added: 09/02/2010CVE: CVE-2010-3189
BID: 42717
OSVDB: 67561
Background
Trend Micro Internet Security Pro is a virus protection and Internet security product for home users.Problem
A vulnerability in the UfPBCtrl.dll ActiveX control allows command execution when a user loads a web page which calls the extSetOwner function with an invalid address argument.Resolution
Apply the hotfix referenced in Solution ID EN-1056426.References
http://www.zerodayinitiative.com/advisories/ZDI-10-165/Limitations
Exploit works on Trend Micro Internet Security Pro 17.50.1647 and requires a user to load the exploit page in Internet Explorer 6 or 7.Platforms
WindowsBack to exploit index