JVN#30281958: Arbitrary program execution vulnerability in TrendLink ActiveX control

TrendLink provided by Canary Labs is a tool to help visualize data for analysis. The SaveToFile method provided in the ActiveX control in TrendLink contains a vulnerability where file creation is not properly restricted.

Impact

A remote attacker may create an arbitrary file on the system and as a result, arbitrary code may be executed.

Solution

Update the software
Update to the latest version according to the information provided by the developer.

Products Affected

• TrendLink versions 9.0.2.27051 and earlier