CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 23rd, 2008

Trend Micro Releases Update For HouseCall Due To Vulnerable ActiveX Control

Trend Micro has released a patch to address a vulnerability in HouseCall 6.6. This vulnerability may allow an attacker to execute arbitrary code. Visitors to the publicly available HouseCall application may receive an older, vulnerable version of the control.

The vulnerability involves a problem with versions 6.51.0.1028 and 6.6.0.1278 of the HouseCall ActiveX Control. Successful exploitation of the flaw creates a mechanism for hackers to inject hostile code onto vulnerable systems. According to Secunia, which discovered the bug and published an advisory on Sunday, the vulnerability is caused by a use-after-free error in the HouseCall ActiveX control (Housecall_ActiveX.dll). This can be exploited to dereference previously freed memory by tricking the user into opening a web page containing a specially crafted “notifyOnLoadNative()” callback function.

Users of Trend Micro’s HouseCall antivirus scanner need to upgrade to version 6.6.0.1285 following this discovery. Details on Hot Fix B1285 and the update can be found here.
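When checking collected Housecall_ActiveX.dll versions against the builds named above, note that 6.51.0.1028 sorts numerically above the fixed 6.6.0.1285, so a plain "at least the fixed build" comparison reports it as patched. The following is an added example, not code from Trend Micro, Secunia or this site; the hostnames, status labels and the handling of builds the article does not mention are assumptions.

```python
# Added example, not from Trend Micro or Secunia. Version numbers come from the
# article; hostnames, status labels and handling of unlisted builds are assumptions.
AFFECTED = {(6, 51, 0, 1028), (6, 6, 0, 1278)}  # builds the article names as vulnerable
FIXED = (6, 6, 0, 1285)                         # build delivered by Hot Fix B1285


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints; raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)


def naive_is_patched(text):
    """The tempting check: anything numerically >= the fixed build is fine."""
    return parse_version(text) >= FIXED


def classify(text):
    """Check the advisory's explicit list first, then fall back to ordering."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unknown"
    if version in AFFECTED:
        return "vulnerable"
    if version == FIXED:
        return "fixed"
    if version < FIXED:
        return "update"   # assumption: older unlisted builds should move to the fix
    return "review"       # sorts above the fix but the article says nothing about it


def report(inventory):
    """Map each host to the status of its Housecall_ActiveX.dll version."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed inventory: hostnames and the last two versions are made up.
SAMPLE = {
    "ws-01": "6.51.0.1028",
    "ws-02": "6.6.0.1278",
    "ws-03": "6.6.0.1285",
    "ws-04": "6.6.0.1200",
    "ws-05": "n/a",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(host, status)
```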
