PT-2013-1568 · Trend Micro · TrendDisplay.dll, TrendLink
Published: 2013-04-16 · Updated: 2013-04-16
CVE-2012-3022
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TrendLink versions 9.0.2.27051 and earlier
Description
The issue concerns the SaveToFile method in a certain ActiveX control within TrendDisplay.dll, which does not properly restrict file creation. This allows remote attackers to download and execute arbitrary programs on a client machine via a crafted website.
Recommendations
For versions 9.0.2.27051 and earlier, consider disabling the SaveToFile method in the ActiveX control as a temporary workaround until a patch is available. Restrict access to the TrendDisplay.dll module to minimize the risk of exploitation. Avoid using the affected ActiveX control in web applications until the issue is resolved.
Affected Products
TrendDisplay.dll
TrendLink