CVE-2012-3022

2013-04-16T14:04:00
ID CVE-2012-3022
Type cve
Reporter cve@mitre.org
Modified 2013-04-16T15:21:00

Description

The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site.