The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method.