Trend Micro Internet Security Pro UfProxyBrowserCtrl ActiveX extSetOwner Function Arbitrary Code Execution
High Nessus Plugin ID 49707
SynopsisThe remote Windows host has an ActiveX control that allows execution of arbitrary code.
DescriptionThe UfProxyBrowserCtrl ActiveX control, a component of Trend Micro Internet Security Pro 2010 installed on the remote Windows host, reportedly has an issue in its 'extSetOwner()' function that allows a remote attacker to run arbitrary code via an invalid address that is dereferenced as a pointer.
If an attacker can trick a user on the affected host into viewing a specially crafted HTML document, he can leverage this issue to execute arbitrary code on the affected system subject to the user's privileges.
SolutionApply the hot fix referenced in Trend Micro's advisory.