The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder. Per http://esupport.trendmicro.com/support/viewxml.do?ContentIDEN-1038646&idEN-1038646
To resolve the issue:
Request the HouseCall 6.6 Hot Fix Build 1285 file from Trend Micro Technical Support.
Publication date: Wed, 24 Dec 2008 00:30:00 +0000