□ Overview
o A vulnerability in the Tobesoft XPLATFORM ActiveX could allow an remote attacker to cause arbitrary code execution.
o The vulnerability is due to lack of proper input validation of the code exection.
| Vulerability Type |
Impact |
Severity |
CVE ID |
| Arbitrary code execution |
Code execution |
High |
CVE-2018-5197 |
□ Description
o The ExtCommon.dll module of Xplatform ActvieX control get a input command value. A remote file can be executed via this command
□ Affected Products
| Product |
Version |
PlatForm |
| XPLATFORM |
9.2
9.2.1
9.2.2 |
Window OS |
□ Solution
o Update software over ExtCommon.dll 9.1.1.141, 9.2.0.291, 9.2.1.2.100, 9.2.2.10 version
□ Reference site
o http://support.tobesoft.co.kr/Support/index.html
|
