□ Overview
o ETMS Co.,Ltd released security update to address remote code execution vulnerability in OndiskPlayerAgent.
□ Description
o Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent.
o A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code.
□ Affected Product
□ Solution
o Update software over OndiskPlayerAgent 1.3.9.19 version or higher.
□ Reference
[1] http://etm-s.com
□ Acknowledgements
o Thanks to Gyuho Lee for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀
o ETMS Co.,Ltd released security update to address remote code execution vulnerability in OndiskPlayerAgent.
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| Insufficient Verification | remote code execution | High | 7.8 | CVE-2022-41156 |
□ Description
o Remote code execution vulnerability due to insufficient verification of URLs, etc. in OndiskPlayerAgent.
o A remote attacker could exploit the vulnerability to cause remote code execution by causing an arbitrary user to download and execute malicious code.
□ Affected Product
| Product | Version | Platform |
|---|---|---|
| OndiskPlayerAgent | 1.3.8.12 | Windows |
□ Solution
o Update software over OndiskPlayerAgent 1.3.9.19 version or higher.
□ Reference
[1] http://etm-s.com
□ Acknowledgements
o Thanks to Gyuho Lee for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀