OSVDB ID: 50843

Title: Trend Micro HouseCall ActiveX (Housecall_ActiveX.dll) Crafted notifyOnLoadNative() Function Arbitrary Code Execution

Info

Disclosure

Dec 18, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Dec 18, 2008

Description

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Disclosure: Vendor Verified
OSVDB: Web Related, Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Trend Micro has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

Security Tracker: 1021481
CVE ID: 2008-2435 (see also: NVD)
Secunia Advisory ID: 31583
Bugtraq ID: 32950
ISS X-Force ID: 47523
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-12/0212.html
Vendor Specific Advisory URL: http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646
Vendor Specific Solution URL: http://prerelease.trendmicro-europe.com/hc66/launch/
Other Advisory URL: http://secunia.com/secunia_research/2008-34/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/50843