Trend Micro HouseCallのActiveXに脆弱性だそうです。

Secunia Research has discovered a vulnerability in Trend Micro HouseCall, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a use-after-free error in the HouseCall ActiveX control (Housecall_ActiveX.dll). This can be exploited to dereference previously freed memory by tricking the user into opening a web page containing a specially crafted "notifyOnLoadNative()" callback function.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in versions 6.51.0.1028 and 6.6.0.1278. Other versions may also be affected.

Security Advisory SA31583 - Trend Micro HouseCall ActiveX Control "notifyOnLoadNative()" Vulnerability - Secunia

関連URL

• US-CERT Current Activity
• Trend Micro HouseCall ActiveX Control Arbitrary Code Execution - Secunia Advisories - Vulnerability Intelligence - Secunia.com
• ActiveXの最新版利用を：Trend Microのオンラインスキャンツールに脆弱性 - ITmedia エンタープライズ