9.3
CVE-2008-2434
- EPSS 7%
- Veröffentlicht 23.12.2008 18:30:00
- Zuletzt bearbeitet 16.06.2026 22:53:46
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Trend Micro ≫ Housecall Version6.6 Editionserver
Trend Micro ≫ Housecall Version6.6.0.1278
Trend Micro ≫ Housecall Version6.51.0.1028
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7% | 0.933 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646
http://osvdb.org/50941
http://secunia.com/advisories/31337
http://secunia.com/secunia_research/2008-32/
http://securityreason.com/securityalert/4802
http://www.kb.cert.org/vuls/id/541025
http://www.securityfocus.com/archive/1/499495/100/0/threaded
http://www.securityfocus.com/bid/32965
http://www.vupen.com/english/advisories/2008/3464
https://exchange.xforce.ibmcloud.com/vulnerabilities/47524