This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery. Authentication is required to exploit this vulnerability. The specific flaw exists within hotfix_upload.cgi. The vulnerability is caused by the lack of input validation before passing a remotely supplied string to a system call. By sending a crafted request to a vulnerable system, a remote attacker can exploit this vulnerability to execute arbitrary code in the context of root.