CVE-2010-3189

Published: Aug 31, 2010Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.

Affected (1)

Products: Trendmicro: Internet Security

Trendmicro

1 product

Internet Security

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Trendmicro Internet Security	Version 2010

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (16)

http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/41140

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/513327/100/0/threaded

Source: cve@mitre.org

http://www.securitytracker.com/id?1024364

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/2185

Source: cve@mitre.org

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-10-165

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/61397

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7633

Source: cve@mitre.org

http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx