IBM Access Support acpRunner ActiveX File Download
Remote / Network Access,
Loss of Integrity
IBM acpRunner Access Support ActiveX control contains a flaw that may allow a remote attacker to place arbitrary files. The issue is triggered due to insecure methods ("DownLoadURL", "SaveFilePath", and "Download"), which may allow a malicious web site to place a file in an arbitrary location on a user's system resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.