HouseCall throws a sickie
ActiveX control gives online scanner man flu
Posted in Enterprise Security, 22nd December 2008 14:40 GMT
Users of Trend Micro's HouseCall antivirus scanner need to upgrade following the discovery of a potentially serious security bug.
Attentive readers will have already guessed the vulnerability involves a problem with an ActiveX control, specifically versions 6.51.0.1028 and 6.6.0.1278 of the HouseCall ActiveX Control. Users need to upgrade to version 6.6.0.1285.
Successful exploitation of the flaw creates a mechanism for hackers to inject hostile code onto vulnerable systems, security notification firm Secunia - which discovered the bug and published an advisory on Sunday - explains:
"The vulnerability is caused by a use-after-free error in the HouseCall ActiveX control (Housecall_ActiveX.dll). This can be exploited to dereference previously freed memory by tricking the user into opening a web page containing a specially crafted "notifyOnLoadNative()" callback function." ®
