exploitDog

CVE-2012-3022

Опубликовано: 16 апр. 2013

Источник: nvd

CVSS2: 8.5

EPSS Низкий

Описание

The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site.

Ссылки

http://ics-cert.us-cert.gov/pdf/ICSA-13-098-01.pdf
US Government Resource
http://ics-cert.us-cert.gov/pdf/ICSA-13-098-01.pdf
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:canarylabs:trendlink:*:*:*:*:*:*:*:*

Версия до 9.0.2.27051 (включая)

EPSS

Процентиль: 61%

0.0041

Низкий

8.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-gv82-f5xg-v657

github

больше 3 лет назад

The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site.

EPSS

Процентиль: 61%

0.0041

Низкий

8.5 High

CVSS2

Дефекты

CWE-264