HTTP: Trend Micro HouseCall ActiveX
This signature detects attempts to exploit a known vulnerability in Trend Micro HouseCall. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX components, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
The Trend Micro HouseCall ActiveX control is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions. This issue affects HouseCall versions 6.51.0.1028 and 6.6.0.1278; other versions may be affected as well.
Affected Products
Trend_micro housecall
Short Name
HTTP:STC:ACTIVEX:TM-HOUSECALL
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ActiveX CVE-2008-2435 HouseCall Micro Trend bid:32950
Release Date
12/23/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Trend_micro
CVSS Score
9.3