CVE-2010-3189

Опубликовано: 31 авг. 2010

Источник: nvd

CVSS2: 9.3

EPSS Высокий

Описание

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.

Ссылки

http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx
Patch
Vendor Advisory
http://secunia.com/advisories/41140
Vendor Advisory
http://www.securityfocus.com/archive/1/513327/100/0/threaded
http://www.securitytracker.com/id?1024364
http://www.vupen.com/english/advisories/2010/2185
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-165
https://exchange.xforce.ibmcloud.com/vulnerabilities/61397
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7633
http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx
Patch
Vendor Advisory
http://secunia.com/advisories/41140
Vendor Advisory
http://www.securityfocus.com/archive/1/513327/100/0/threaded
http://www.securitytracker.com/id?1024364
http://www.vupen.com/english/advisories/2010/2185
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-10-165
https://exchange.xforce.ibmcloud.com/vulnerabilities/61397
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7633

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:internet_security:2010:-:pro:*:*:*:*:*

EPSS

Процентиль: 99%

0.7604

Высокий

9.3 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-jcm8-jgjm-3q85

github

больше 3 лет назад