Trend Micro Internet Security Pro 'UfPBCtrl.dll' Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with Trend Micro Internet Security Pro and is prone to code execution vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary code on the system with the privileges of the victim. Impact Level: Application

Solution

Apply hotfix http://solutionfile.trendmicro.com/solutionfile/EN-1056426/TISPro_1750_win_en_hfb1695.exe ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

The flaw is caused by an error in the 'extSetOwner()' function within the 'UfPBCtrl.dll' ActiveX control when processing user-supplied parameters, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Affected

Trend Micro Internet Security Pro 2010

References

http://www.vupen.com/english/advisories/2010/2185
http://www.zerodayinitiative.com/advisories/ZDI-10-165/
http://xforce.iss.net/xforce/xfdb/61397

Updated on 2017-03-28

Severity

Classification

CVE CVE-2010-3189
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Jun14 (Windows)
Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)

Take action and discover your vulnerabilities