JVN#30281958: Arbitrary program execution vulnerability in TrendLink ActiveX control

2014-07-25T00:00:00
ID JVN:30281958
Type jvn
Reporter Japan Vulnerability Notes
Modified 2014-07-25T00:00:00

Description

## Description

TrendLink provided by Canary Labs is a tool to help visualize data for analysis. The SaveToFile method provided in the ActiveX control in TrendLink contains a vulnerability where file creation is not properly restricted.

## Impact

A remote attacker may create an arbitrary file on the system and as a result, arbitrary code may be executed.

## Solution

Update the software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • TrendLink versions 9.0.2.27051 and earlier