본문내용 바로가기 메인메뉴 바로가기

하단내용 바로가기

Security Advisory (Korean)

Security Advisory Detail
CVE-2019-12805 | NC Launcher 2 Arbitrary Command Injection Vulnerability2019.08.05
□ Overview

 o NCSOFT released security update to address arbitrary command injection vulnerability in NC Launcher 2.

Vulnerability Type

Impact

Severity

CVE ID

Command Injection Code execution

High

CVE-2019-12805

 

□ Description

 o NCSOFT Game Launcher, NC Launcher 2 has a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. this can be leveraged for code execution in the context of the current user. 

 

□ Affected Product

Product

Version

PlatForm

NC Launcher2

2.4.1.691 and prior

Windows


□ Solution

 o Update software over NC Launcher2 2.4.1.705 version

 

□ Reference site

https://lineage.plaync.com/download/index
https://www.plaync.com/download/NCLauncher2beta

 

□ Acknowledgements

 o Thanks to Hangjun Ko for reporting this vulerability