PT-2010-4629 · Trend Micro · Trend Micro Internet Security Pro

Publicado

2010-08-31

Atualizado

2018-10-10

CVE-2010-3189

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Trend Micro Internet Security Pro version 2010

Description The issue concerns the extSetOwner function in the UfProxyBrowserCtrl ActiveX control, which allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer. This is related to the UfPBCtrl.dll component.

Recommendations For Trend Micro Internet Security Pro version 2010, consider disabling the extSetOwner function in the UfProxyBrowserCtrl ActiveX control as a temporary workaround until a patch is available. Restrict access to the UfPBCtrl.dll component to minimize the risk of exploitation.

Exploit

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2010-3189

Produtos afetados

Trend Micro Internet Security Pro

PT-2010-4629 · Trend Micro · Trend Micro Internet Security Pro

CVE-2010-3189

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12