Vulnerability Details CVE-2010-3189
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.76
EPSS Ranking 98.9%
CVSS Severity
CVSS v2 Score 9.3
References
- http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx
- http://secunia.com/advisories/41140
- http://www.securityfocus.com/archive/1/513327/100/0/threaded
- http://www.securitytracker.com/id?1024364
- http://www.vupen.com/english/advisories/2010/2185
- http://www.zerodayinitiative.com/advisories/ZDI-10-165
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61397
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7633
- http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx
- http://secunia.com/advisories/41140
- http://www.securityfocus.com/archive/1/513327/100/0/threaded
- http://www.securitytracker.com/id?1024364
- http://www.vupen.com/english/advisories/2010/2185
- http://www.zerodayinitiative.com/advisories/ZDI-10-165
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61397
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7633
Products affected by CVE-2010-3189
-
cpe:2.3:a:trendmicro:internet_security:2010