Published: 31/08/2010 Updated: 10/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote malicious users to execute arbitrary code via an invalid address that is dereferenced as a pointer.

Vulnerable Product	Search on Vulmon	Subscribe to Product
trendmicro internet security 2010

## # $Id: trendmicro_extsetownerrb 10538 2010-10-04 04:26:09Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## ## # trendmicro_ex ...

This Metasploit module exploits a remote code execution vulnerability in Trend Micro Internet Security Pro 2010 ActiveX When sending an invalid pointer to the extSetOwner() function of UfPBCtrldll an attacker may be able to execute arbitrary code ...

CWE-94 http://secunia.com/advisories/41140 http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx http://www.securitytracker.com/id?1024364 http://www.zerodayinitiative.com/advisories/ZDI-10-165 http://www.vupen.com/english/advisories/2010/2185 https://exchange.xforce.ibmcloud.com/vulnerabilities/61397 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7633 http://www.securityfocus.com/archive/1/513327/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/15168/

CVE-2010-3189

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect