|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-26 | |
| Rule Name: | Bennet-Tec TList ActiveX SaveData Arbitrary File Creation Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Bennet Tec's Tlist ActiveX control has exposed an unsafe method. The vulnerability is due to TList TList The controller of [6-8] (TList [6-8]. ocx) contains an unsafe "SaveData" method. You can use this to create or rewrite any file in the context of the current logged in user. Remote attackers may exploit this vulnerability to achieve arbitrary code execution by enticing the target user to open the created webpage. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |