The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote malicious users to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
trend micro housecall 6.6 |
||
trend micro housecall 6.51.0.1028 |
||
trend micro housecall 6.6.0.1278 |