Use-After-Free Remote Code Execution in Trend Micro HouseCall ActiveX Control
CVE-2008-2435

Currently unrated

Key Information:

Vendor: Trend Micro
Status: Housecall
Vendor: CVE Published:; 23 December 2008

Summary

A use-after-free vulnerability exists in the Trend Micro HouseCall ActiveX control, specifically in the notifyOnLoadNative callback function. This flaw allows remote attackers to craft specific inputs that can lead to arbitrary code execution, potentially compromising the system's integrity and security. Users of affected versions are at risk if proper mitigations are not implemented.

References

http://www.kb.cert.org/vuls/id/702628

third-party-advisoryx_refsource_CERT-VN

http://www.securityfocus.com/archive/1/499478/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2008/3464

vdb-entryx_refsource_VUPEN

EPSS Score

22% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 23, 2008
Vulnerability Reserved
May 27, 2008