본문내용 바로가기 메인메뉴 바로가기

하단내용 바로가기

Security Advisory (Korean)

Security Advisory Detail
CVE-2019-9141 | Zoneplayer ActiveX Remote Code Execution vulnerability2019.08.02
□ Overview

 o IMGTech Co,Ltd released security update to address Remote Code Execution vulnerability in Zoneplayer ActiveX Control.

Vulnerability Type

Impact

Severity

CVE ID

Remote code execution
Code execution

High

CVE-2019-9141

 

□ Description

 o ZInsVX.dll ActiveX Control in Zoneplayer contains a vulnerability that could allow remote attacker to execute arbitrary file by setting the arguments to the activex method. this can be leveraged for code execution.

 

□ Affected Product

Product

Version

PlatForm

ZInsVX.dll ActiveX Control in Zoneplayer

2018.12 and prior

Windows

   * 2018.12 is file modified date of ZInsVX.dll.


□ Solution

 o Update software over ZInsVX.dll ActiveX Control 2019.02(file modified date)

 

□ Reference site

http://www.zoneplayer.co.kr/

 

□ Acknowledgements

 o Thanks to Joohyun Kwon for reporting this vulerability.