Trend Micro Releases Update For HouseCall Due To Vulnerable ActiveX Control
Trend Micro has released a patch to address a vulnerability in HouseCall 6.6. This vulnerability may allow an attacker to execute arbitrary code. Visitors to the publicly available HouseCall application may receive an older, vulnerable version of the control.
The vulnerability involves a problem with versions 6.51.0.1028 and 6.6.0.1278 of the HouseCall ActiveX Control. Successful exploitation of the flaw creates a mechanism for hackers to inject hostile code onto vulnerable systems. According to Secunia, which discovered the bug and published an advisory on Sunday, the vulnerability is caused by a use-after-free error in the HouseCallActiveX control (Housecall_ActiveX.dll). This can be exploited to dereference previously freed memory by tricking the user into opening a web page containing a specially crafted “notifyOnLoadNative()”callback function.
Users of Trend Micro’s HouseCall antivirus scanner need to upgrade to version 6.6.0.1285 following this discovery. Details on Hot Fix B1285 and update can be found in here.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.