A remote code execution vulnerability exists in the ccca_ajaxhandler.php script of Trend Micro Smart Protection Server. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by providing crafted input to the vulnerable system.