CVE-2008-2435
https://notcve.org/view.php?id=CVE-2008-2435
Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function. Vulnerabilidad de uso después de la liberación en el control ActiveX de HouseCall de Trend Micro v6.51.0.1028 y v6.6.0.1278 en Housecall_ActiveX.dll, permite a atacantes remotos ejecutar código arbitrario a través de una función de retorno notifyOnLoadNative manipulada. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646 http://secunia.com/advisories/31583 http://secunia.com/secunia_research/2008-34 http://securitytracker.com/id?1021481 http://www.kb.cert.org/vuls/id/702628 http://www.osvdb.org/50843 http://www.securityfocus.com/archive/1/499478/100/0/threaded http://www.securityfocus.com/bid/32950 http://www.vupen.com/english/advisories/2008/3464 https://exchange.xforce.ibmcloud.com/vulnerabilities/47523 • CWE-399: Resource Management Errors •
CVE-2008-2434
https://notcve.org/view.php?id=CVE-2008-2434
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder. El control ActiveX de Trend Micro HouseCall v6.51.0.1028 y v6.6.0.1278 en Housecall_ActiveX.dll permite a atacantes remotos descargar un fichero de biblioteca arbitrario en un sistema cliente a través del parámetro "custom update server". NOTE: puede aprovecharse para ejecución de código escribiendo en la carpeta de inicio. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646 http://osvdb.org/50941 http://secunia.com/advisories/31337 http://secunia.com/secunia_research/2008-32 http://securityreason.com/securityalert/4802 http://www.kb.cert.org/vuls/id/541025 http://www.securityfocus.com/archive/1/499495/100/0/threaded http://www.securityfocus.com/bid/32965 http://www.vupen.com/english/advisories/2008/3464 https://exchange.xforce.ibmcloud.com/vulnerabilities/47524 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2003-0646
https://notcve.org/view.php?id=CVE-2003-0646
Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings. Múltiples desbordamientos de búfer en controles ActiveX usados por Trend Micro HouseCall 5.5 y 5.7, y Damage Cleanup Server 1.0, permite a atacantes remotos ejecutar código arbitrario mediante cadenas de parámetros largos. • http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006488.html •