Signature Detail
Short Name |
HTTP:STC:ACTIVEX:TM-ISP-2010 |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution |
Release Date |
2010/10/25 |
Update Number |
1798 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution
This signature detects attempts to exploit a known code execution vulnerability in Trend Micro Security Pro 2010 ActiveX control. It is due to an error while parsing a parameter to the extSetOwner function. By specifying a specially crafted address, the process can call into a controlled memory region. An attacker can exploit this by enticing a user to visit a maliciously crafted Web site. A successful attack can result in code execution under the privileges of the Web browser.
Extended Description
Trend Micro Internet Security Pro is prone to a remote code-execution vulnerability that affects the 'AccWizObjects' ActiveX control. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX control. Trend Micro Internet Security Pro 2010 is vulnerable; other versions may also be affected.
Affected Products
- Trend Micro Internet Security Pro 2010
References
- BugTraq: 42717
- CVE: CVE-2010-3189
- URL: http://xforce.iss.net/xforce/xfdb/61397