The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
| Link | Tags |
|---|---|
| http://www.zerodayinitiative.com/advisories/ZDI-10-165 | |
| http://www.securityfocus.com/archive/1/513327/100/0/threaded | mailing list |
| http://www.securitytracker.com/id?1024364 | vdb entry |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7633 | vdb entry signature |
| http://secunia.com/advisories/41140 | third party advisory vendor advisory |
| http://www.vupen.com/english/advisories/2010/2185 | vdb entry vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61397 | vdb entry |
| http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx | patch vendor advisory |