Описание
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- US Government Resource
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:trend_micro:housecall:6.6:*:server:*:*:*:*:*
cpe:2.3:a:trend_micro:housecall:6.6.0.1278:*:*:*:*:*:*:*
cpe:2.3:a:trend_micro:housecall:6.51.0.1028:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.34903
Средний
9.3 Critical
CVSS2
Дефекты
CWE-94
Связанные уязвимости
github
почти 4 года назад
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.
EPSS
Процентиль: 97%
0.34903
Средний
9.3 Critical
CVSS2
Дефекты
CWE-94