Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2434

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-2434
Last Modified 07 Mar 2011 10:09:11
Published 23 Dec 2008 01:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2434

Summary

The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Vulnerable Systems

Application

  • Trend Micro Housecall 6.51.0.1028

  • Trend Micro Housecall 6.6

  • Trend Micro Housecall 6.6.0.1278


References

CERT-VN - VU#541025

XF - housecall-library-code-execution(47524)

VUPEN - ADV-2008-3464

BID - 32965

BUGTRAQ - 20081222 Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution

SREASON - 4802

MISC - http://secunia.com/secunia_research/2008-32/

SECUNIA - 31337

OSVDB - 50941

MISC - http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646


Last Updated: 27 May 2016 10:47:52