Back to search
CVE-2008-2434
Published: Dec 23, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
VU#541025
third-party-advisory
x_refsource_CERT-VN
housecall-library-code-execution(47524)
vdb-entry
x_refsource_XF
4802
third-party-advisory
x_refsource_SREASON
31337
third-party-advisory
x_refsource_SECUNIA
ADV-2008-3464
vdb-entry
x_refsource_VUPEN
20081222 Secunia Research: Trend Micro HouseCall ActiveX Control Arbitrary Code Execution
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/secunia_research/2008-32/
x_refsource_MISC
32965
vdb-entry
x_refsource_BID
50941
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now