Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3189

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICAL
EPSS
76.0%
top 1.08%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Trendmicro Internet Security
Timeline
PublishedAug 31
Latest updateMay 14

Description

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: esupport.trendmicro.comPatch: esupport.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-jcm8-jgjm-3q85: The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl2022-05-14
CVEList
CVE-2010-3189: The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl2010-08-31

💥Exploits & PoCs

1
Exploit-DB
Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (Metasploit)2010-10-01
CVE-2010-3189 (CRITICAL CVSS 9.3) | The extSetOwner function in the UfP | cvebase.io