Check Point Advisories

Update Protection against Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability

Check Point Reference: CPAI-2009-025
Date Published: 23 Jan 2009
Severity: High
Last Updated: Thursday 01 January, 2009
Source: Secunia Research
Industry Reference:CVE-2008-2434
CVE-2008-2435
Protection Provided by:
Who is Vulnerable? Trend Micro HouseCall ActiveX Control 6.51.0.1028 and 6.6.0.1278
Vulnerability Description A vulnerability was reported in Trend Micro HouseCall . HouseCall is an application for checking whether your computer has been infected by viruses, spyware, or other malware. The vulnerability is caused by a use-after-free error in the HouseCall ActiveX control.  This can be exploited to dereference previously freed memory by tricking the user into opening a web page containing a specially crafted function. Successful exploitation may allow remote code execution.
Vulnerability DetailsThe Trend Micro HouseCall ActiveX control (Housecall_ActiveX.dll) contains a use-after-free vulnerability.  Using a web page containing a specially crafted call to notifyOnLoadNative(), an attacker can write to heap memory and potentially execute arbitrary code.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK