Vulnerability Details CVE-2012-3022
The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.9%
CVSS Severity
CVSS v2 Score 8.5
References
Products affected by CVE-2012-3022
-
cpe:2.3:a:canarylabs:trendlink:*