ICS-CERT Advisory: ICSA-13-098-01: Canary Labs, Inc. TrendLink Insecure ActiveX Control Method
This advisory is from the Department of Homeland Security's Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), a part of the U.S. Computer Emergency Readiness Team (US-CERT). "This advisory provides mitigation details for a vulnerability in the Canary Labs, Inc. TrendLink software. Researcher Kuang-Chun Hung of Security Research and Service Institute-Information and Communication Security Technology Center (ICST) has identified an insecure ActiveX control method vulnerability in Canary Labs, Inc. TrendLink ActiveX control. Canary Labs, Inc. has updated TrendLink, and Kuang-Chun Hung has tested the patch and verified that it mitigates the vulnerability. If exploited, an attacker could influence the paths or file names that are used in the software application. This could affect systems using TrendLink in the critical manufacturing and energy sectors in the United States, South America, and Europe. This vulnerability could be exploited remotely."
ICS-CERT Advisory No. 13-098-01; Industrial Controls System-Cyber Emergency Response Team Advisory No. 13-098-01
U.S. Computer Emergency Readiness Team: http://www.us-cert.gov/