CVE-2008-2434

Published: Dec 23, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected (3)

Products: Trend Micro: Housecall

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Trend Micro Housecall	Version 6.51.0.1028
Trend Micro Housecall	Version 6.6.0.1278
Trend Micro Housecall	Version 6.6

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (20)

http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://osvdb.org/50941

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/31337

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/secunia_research/2008-32/

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://securityreason.com/securityalert/4802

Source: PSIRT-CNA@flexerasoftware.com

http://www.kb.cert.org/vuls/id/541025

Source: PSIRT-CNA@flexerasoftware.com

US Government Resource

http://www.securityfocus.com/archive/1/499495/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/bid/32965

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2008/3464

Source: PSIRT-CNA@flexerasoftware.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/47524

Source: PSIRT-CNA@flexerasoftware.com

http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://osvdb.org/50941

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31337

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/secunia_research/2008-32/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/4802

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/541025

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/archive/1/499495/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/32965

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/3464

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/47524

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.