PT-2013-1568 · Trend Micro · Trenddisplay.Dll+1
Published: 2013-04-16 · Updated: 2013-04-16
CVE-2012-3022
CVSS v2.0: 8.5 (High)
| Vector | AV:N/AC:M/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
TrendLink versions 9.0.2.27051 and earlier
Description
The issue concerns the SaveToFile method in a certain ActiveX control within TrendDisplay.dll, which does not properly restrict file creation. This allows remote attackers to download and execute arbitrary programs on a client machine via a crafted website.
Recommendations
For versions 9.0.2.27051 and earlier, consider disabling the SaveToFile method in the ActiveX control as a temporary workaround until a patch is available. Restrict access to the TrendDisplay.dll module to minimize the risk of exploitation. Avoid using the affected ActiveX control in web applications until the issue is resolved.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Trenddisplay.Dll
Trendlink