CVE-2008-2435 - Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278

CVE-2008-2435

Summary

Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function.

References

Vulnerable Configurations

cpe:2.3:a:trend_micro:housecall:6.6.0.1278:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:housecall:6.6.0.1278:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:housecall:6.51.0.1028:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:housecall:6.51.0.1028:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 11-10-2018 - 20:41)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	32950
bugtraq	20081221 Secunia Research: Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability
cert-vn	VU#702628
confirm	http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646
misc	http://secunia.com/secunia_research/2008-34/
osvdb	50843
sectrack	1021481
secunia	31583
vupen	ADV-2008-3464
xf	housecall-notifyonloadnative-code-execution(47523)

Last major update

11-10-2018 - 20:41

Published

23-12-2008 - 18:30

Last modified

11-10-2018 - 20:41