Korpritzombie

**Name of the Vulnerable Software and Affected Versions** Trend Micro Deep Discovery Inspector versions 3.7 through 3.8 SP2 (3.82) **Description** The issue allows remote administrators to execute arbitrary code via shell metacharacters in the `filename` parameter of the Content-Disposition header in the `hotfix upload.cgi` component. **Recommendations** For versions 3.7 through 3.8 SP2 (3.82), as a temporary workaround, consider restricting access to the `hotfix upload.cgi` component until a patch is available. Avoid using shell metacharacters in the `filename` parameter of the Content-Disposition header in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.