Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2435

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-2435
Last Modified 07 Mar 2011 10:09:11
Published 23 Dec 2008 01:30:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2435

Summary

Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function.

Vulnerable Systems

Application

  • Trend Micro Housecall 6.51.0.1028

  • Trend Micro Housecall 6.6.0.1278


References

CERT-VN - VU#702628

XF - housecall-notifyonloadnative-code-execution(47523)

VUPEN - ADV-2008-3464

BID - 32950

BUGTRAQ - 20081221 Secunia Research: Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability

OSVDB - 50843

SECTRACK - 1021481

MISC - http://secunia.com/secunia_research/2008-34/

SECUNIA - 31583

CONFIRM - http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646


Last Updated: 27 May 2016 10:47:52