VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-3189
internet_security: The extSetOwner function in the UfProxyBrowserCtrl ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3189

Original

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-08-31
Source Information Category:
Advisory, Alert
Last Updated:
2010-09-01




Affected Product Tags
cpe:/a:trendmicro:internet_security:2010:-:pro
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
BUGTRAQ 20100825 ZDI-10-165: Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Vulnerability




CONFIRM http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx




MISC http://www.zerodayinitiative.com/advisories/ZDI-10-165




SECTRACK 1024364




SECUNIA 41140




VUPEN ADV-2010-2185




Vulnerability Type Code Injection (CWE-94)




XF trend-micro-activex-code-execution(61397)




Copyright © 2010 JPCERT/CC All Rights Reserved.