본문내용 바로가기 메인메뉴 바로가기

하단내용 바로가기

Security Advisory (Korean)

Security Advisory Detail
CVE-2018-5197 | XPLATFORM ActiveX arbitrary code exection2018.12.07
□ Overview
o A vulnerability in the Tobesoft XPLATFORM ActiveX could allow an remote attacker to cause arbitrary code execution.
o The vulnerability is due to lack of proper input validation of the code exection.
Vulerability Type Impact Severity CVE ID
Arbitrary code execution Code execution Critical CVE-2018-5197
 
□ Description
o The ExtCommon.dll module of Xplatform ActvieX control get a input command value. A remote file can be executed via this command
 
□ Affected Products
Product Version PlatForm
XPLATFORM 9.2
9.2.1
9.2.2
Window OS
 
□ Solution
o Update software over ExtCommon.dll 9.1.1.141, 9.2.0.291, 9.2.1.2.100, 9.2.2.10 version
 
□ Reference site
o http://support.tobesoft.co.kr/Support/index.html