What is CVE-2010-3189?

CVE-2010-3189 is a vulnerability in Trendmicro Internet_security, classified under Code Injection. Published 2010-08-31.

Is CVE-2010-3189 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Trendmicro Internet_security

CVE-2010-3189

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.760 (98.9th percentile) — read the EPSS interpretation.

Affected products

Trendmicro Internet_security — versions 2010
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (x_refsource_MISC)
20100825 ZDI-10-165: Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Vulnerability (mailing-list, x_refsource_BUGTRAQ)
1024364 (vdb-entry, x_refsource_SECTRACK)
oval:org.mitre.oval:def:7633 (x_refsource_OVAL, signature, vdb-entry)
41140 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
ADV-2010-2185 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
trend-micro-activex-code-execution(61397) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2010-3189?: CVE-2010-3189 is a vulnerability in Trendmicro Internet_security, classified under Code Injection. Published 2010-08-31.
Is CVE-2010-3189 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.