Signature Detail
Short Name |
HTTP:STC:ACTIVEX:TM-HOUSECALL |
|---|---|
Severity |
High |
Recommended |
No |
Category |
HTTP |
Keywords |
Trend Micro HouseCall ActiveX |
Release Date |
2008/12/23 |
Update Number |
1336 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Trend Micro HouseCall ActiveX
This signature detects attempts to exploit a known vulnerability in Trend Micro HouseCall. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX components, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
The Trend Micro HouseCall ActiveX control is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions. This issue affects HouseCall versions 6.51.0.1028 and 6.6.0.1278; other versions may be affected as well.
Affected Products
- Trend Micro HouseCall 6.51.0.1028
- Trend Micro HouseCall 6.6.0.1278
References
- BugTraq: 32950
- CVE: CVE-2008-2435