Posted by Trancer on Sep 28 2010

Here’s a Metasploit exploit module I wrote for the Trend Micro Internet Security Pro 2010 ActiveX extSetOwner() remote code execution vulnerability.

This vulnerability was originally discovered by Andrea Micalizzi aka rgod working with Zero Day Initiative. Abysssec Security Team published a binary analysis of this vulnerability as a part of MOAUB.

This module exploits a remote code execution vulnerability in the Trend Micro Internet Security Pro 2010 UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll). The extSetOwner() function accepts a parameter and assumes it is an initialized pointer. By sending an invalid pointer to the extSetOwner() function of UfPBCtrl.dll, an attacker may be able to execute arbitrary code.
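The bug class described above, a caller-supplied value assumed to be an initialized pointer, as an added C example beside a handle-table check that removes the assumption. This is illustrative code written for this page, not the control's source; `owner_t`, `set_owner_unchecked`, `owner_register` and `set_owner_checked` are hypothetical names and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical owner object; NOT the real layout used by UfPBCtrl.dll. */
typedef struct owner {
    int (*notify)(struct owner *self);
    int id;
} owner_t;

#define MAX_OWNERS 8
static owner_t *g_owners[MAX_OWNERS]; /* objects the control created itself */

/* Flawed pattern: the caller's number is trusted as an initialized pointer.
   Shown for contrast only; main() never calls it. */
int set_owner_unchecked(uintptr_t value) {
    owner_t *o = (owner_t *)value;
    return o->notify(o); /* call target is read from caller-chosen memory */
}

/* Record an object the control allocated; returns a handle (slot + 1) or 0. */
uint32_t owner_register(owner_t *o) {
    for (uint32_t i = 0; i < MAX_OWNERS; i++)
        if (g_owners[i] == NULL) { g_owners[i] = o; return i + 1; }
    return 0;
}

/* Hardened pattern: the value is only a table index, never an address. */
int set_owner_checked(uint32_t handle) {
    if (handle == 0 || handle > MAX_OWNERS) return -1;
    owner_t *o = g_owners[handle - 1];
    if (o == NULL || o->notify == NULL) return -1;
    return o->notify(o);
}

static int sample_notify(owner_t *self) { return self->id; }

int main(void) {
    static owner_t good = { sample_notify, 42 };   /* constructed sample object */
    uint32_t h = owner_register(&good);
    printf("valid handle     -> %d\n", set_owner_checked(h));
    printf("bogus 0x41414141 -> %d\n", set_owner_checked(0x41414141u));
    return 0;
}
```

With the table in place, a scriptable method can only ever reach objects the component registered itself, so an arbitrary number from a web page is rejected instead of dereferenced.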

Exploit successfully tested on the following platforms:
– Trend Micro Internet Security Pro 2010 on Internet Explorer 7, Windows XP SP3
– Trend Micro Internet Security Pro 2010 on Internet Explorer 7, Windows Vista SP2

Download trendmicro_extsetowner.rb.
Also on Metasploit and Exploit-Database #15168.

>> References:
CVE-2010-3189
OSVDB 67561
ZDI-10-165 – Andrea Micalizzi aka rgod via Zero Day Initiative
MOAUB #03 exploit
MOAUB #03 binary analysis

Categories: Exploits, Metasploit

4 Responses to “Trend Micro Internet Security Pro 2010 ActiveX extSetOwner() Remote Code Execution Exploit (meta)”

  1. SEC-R1Z says:

    I hope there is a video explaining the exploitation.

  2. Trancer says:

    I don’t think a video is necessary. The exploit is a standard ActiveX exploit which pwns Internet Explorer via a malicious web page.

  3. alice says:

    Is this vulnerability patched, or is this a 0day exploit?

  4. Trancer says:

    @alice
    No, this isn’t a 0day exploit. Trend Micro released a patch for this vulnerability here:
    http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx
