14 DAY TRIAL // The security research company Secunia has released an advisory regarding a highly critical vulnerability that affects Trend Micro's free online HouseCall scanner. If exploited successfully, the bug allows for remote code execution, and the system is completely compromised.
HouseCall is an online anti-virus scanning service from Trend Micro that is deployed in the form of an ActiveX control to Internet Explorer users, or a Java applet to Firefox and Mozilla Suite ones. The vulnerability discovered by researchers from the Danish security firm lies in the ActiveX engine of the popular online scanner, and can be exploited remotely through a maliciously crafted web page.
More specifically, the flaw located in the Housecall_ActiveX.dll control is caused by a use-after-free error, gives an attacker the ability to remotely execute code on the victim machine, if the user is tricked into visiting a page that has a special “notifyOnLoadNative()” callback function embedded into it.
Trend Micro released a hot fix that patched this vulnerability on December 18, in the form of HouseCall 6.6 Hot Fix Build 1285. Users should be advised that HouseCall remains installed on computers even after the initial scanning is done, in order to assure faster updating for later such processes. People who have used HouseCall in the past are urged to uninstall the previous ActiveX control and install the latest available version from Trend Micro's website.
The HouseCall Server Edition 6.x is also affected by this flaw, and Trend Micro has published a support document for its enterprise customers that describes how to manually deploy hotfix B1285 in order to mitigate possible attacks. Secunia credits its own researcher, Alin Rad Pop, with the discovery of this vulnerability, which was confirmed in versions 6.51.0.1028 and 6.6.0.1278. “Other versions may also be affected,” the company advises.
HouseCall was one of the first free online scanners offered by anti-virus vendors. Its latest stable version is 6.5 and can run on Windows Vista, XP with SP2, 2000 with SP4, as well as on MAC OS X 10.4 or higher. In addition to detecting security threats such as viruses, worms, Trojans, and spyware, the scanner is also able to locate various vulnerabilities and provide links for recommended security patches. The service can be accessed with Internet Explorer 6.0 or higher, Mozilla Firefox 2.0 or higher, and Mozilla Camino 1.5.