Trend Micro Internet Security Pro ActiveX Control extSetOwner code execution

Added: 09/02/2010
CVE: CVE-2010-3189
BID: 42717
OSVDB: 67561

Background

Trend Micro Internet Security Pro is a virus protection and Internet security product for home users.

Problem

A vulnerability in the UfPBCtrl.dll ActiveX control allows command execution when a user loads a web page which calls the extSetOwner function with an invalid address argument.

Resolution

Apply the hotfix referenced in Solution ID EN-1056426.

References

http://www.zerodayinitiative.com/advisories/ZDI-10-165/

Limitations

Exploit works on Trend Micro Internet Security Pro 17.50.1647 and requires a user to load the exploit page in Internet Explorer 6 or 7.

Platforms

Windows

Back to exploit index