Arbitrary Code Execution in Trend Micro HouseCall ActiveX Control
CVE-2008-2434

Currently unrated

Key Information:

Vendor

Trend Micro
Status
Housecall
Vendor
CVE Published:
23 December 2008

What is CVE-2008-2434?

The Trend Micro HouseCall ActiveX control contains a vulnerability that allows remote attackers to exploit the 'custom update server' argument, enabling them to download arbitrary library files onto users' systems. This could potentially be leveraged for executing malicious code by placing files into a Startup folder, leading to unauthorized code execution whenever the system starts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.kb.cert.org/vuls/id/541025
third-party-advisoryx_refsource_CERT-VN
https://exchange.xforce.ibmcloud.com/vulnerabilities/47524
vdb-entryx_refsource_XF
http://securityreason.com/securityalert/4802
third-party-advisoryx_refsource_SREASON

EPSS Score

34% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.