Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Alarm Raise Over Vulnerability in Trend Micro’s Anti-Virus Tool

Security notification company Secunia has detected a potentially severe security flaw in Trend Micro Inc.'s HouseCall, a free online service for virus scanning. The company's researchers said that hackers could use the bug to hack Windows computers running Internet Explorer.

The security company disclosed that if an attacker gets success in exploiting HouseCall's vulnerability existing in customary ActiveX control that Trend Micro allocates to people who use its non-chargeable HouseCall service, he could trick those users into visiting a maliciously infected web page. The security researchers also said that the free scanning software HouseCall checks the computer for any infection from spyware, viruses or any other malware.

Furthermore, the researchers have rated the flaw as "highly critical". The flaw is positioned second in Secunia's five stage scoring system.

Secunia in its security advisory clearly defines that the bug is a result of a fault in the HouseCall ActiveX control named Housacall_ActiveX.dll. This could be exploited to defer formerly freed memory through a user, who is tricked into viewing a web page having a crafty 'notifyOnLoadNative ()' callback function.

Meanwhile, the researchers confirmed that the bug affects HouseCall ActiveX Control versions 6.6.0.1278 and 6.51.0.1028, whereas spares other versions of the tool.

According to Trend Micro, it has plugged the hole in the ActiveX control as well as patched the HouseCall servers meant for public use. However, the company said that no extensive tests have been conducted on the fix and Trend Micro essentially wouldn't be liable for the fix's insufficiency, if at all.

Besides, according to the advisory from Trend Micro, the fix was created as a way to solve a client reported problem. But as the fix is not yet tested, Trend Micro makes no promise of the fix's performance nor warrants that it is free from error.

However, to remain safe, researchers recommend that people using IE remove the Housecall_ActiveX.dll and use Version 6.6.0.1285 of the HouseCall service instead of its previous services.

Trend Micro advised organizations running HouseCall Server in-house to summon the "HouseCall 6.6 Hot Fix Build 1285" update via their usual support channels.

Related article: Alarming Rise In ID Theft Threats During Jan-Feb ‘07

» SPAMfighter News - 30-12-2008

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next