
Security Advisory

Security Advisory Detail
CVE-2019-12809 | Yes24Viewer ActiveX File Download and Execution Vulnerability
2019.08.14
□ Overview

 o YES24 released a security update to address a file download and execution vulnerability in the Yes24ViewerX ActiveX Control.

| Vulnerability Type | Impact | Severity | CVE ID |
|---|---|---|---|
| Arbitrary code execution | Code execution | High | CVE-2019-12809 |

 

□ Description

 o The Yes24Viewer ActiveX Control contains a vulnerability that could allow remote attackers to download and execute an arbitrary file by setting the argument to the ActiveX method.
 o This can be leveraged for arbitrary code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
 

□ Affected Product

| Product | Version | Platform |
|---|---|---|
| Yes24Viewer ActiveX | 1.0.327.50126 and prior | Windows |

 

□ Solution

 o Update the software to Yes24 Viewer ActiveX version 1.0.468.1016 or later.
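
One way to check a Windows host against the versions listed in this advisory, as an added example that is not from YES24 or the original advisory. The "Yes24Viewer" path pattern and the use of the binary's file version resource are assumptions; only the two version numbers come from this page.

```powershell
# Added example, not vendor code. Version bounds come from the advisory.
# ASSUMPTIONS: the control's binary path contains "Yes24Viewer", and its
# file version resource carries the product version quoted in the advisory.
$NamePattern  = '*Yes24Viewer*'
$LastAffected = [version]'1.0.327.50126'   # this version and prior are affected
$FixedVersion = [version]'1.0.468.1016'    # version named in the Solution section

function Get-Yes24ViewerStatus {
    param([Parameter(Mandatory)][version]$FileVersion)
    if ($FileVersion -le $LastAffected) { return 'VULNERABLE' }
    if ($FileVersion -ge $FixedVersion) { return 'FIXED' }
    # The advisory does not state the status of builds between the two bounds.
    return 'UNCONFIRMED'
}

# ActiveX controls are COM in-process servers registered under
# CLSID\{guid}\InprocServer32; cover 64-bit, 32-bit and per-user views.
$roots = 'HKLM:\SOFTWARE\Classes\CLSID',
         'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
         'HKCU:\SOFTWARE\Classes\CLSID',
         'HKCU:\SOFTWARE\Classes\WOW6432Node\CLSID'

$found = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($clsid in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $key  = Join-Path $clsid.PSPath 'InprocServer32'
        $path = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        if (-not $path) { continue }
        # Registered paths may be quoted or contain %VARIABLES%.
        $path = [Environment]::ExpandEnvironmentVariables($path.Trim('"'))
        if ($path -notlike $NamePattern -or -not (Test-Path -LiteralPath $path)) { continue }
        $vi  = (Get-Item -LiteralPath $path).VersionInfo
        $ver = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                              $vi.FileBuildPart, $vi.FilePrivatePart)
        [pscustomobject]@{
            Clsid   = $clsid.PSChildName
            Path    = $path
            Version = $ver
            Status  = Get-Yes24ViewerStatus -FileVersion $ver
        }
    }
}

if ($found) { $found | Sort-Object Path -Unique | Format-Table -AutoSize }
else        { 'No registered control matching {0} was found.' -f $NamePattern }
```

A result of UNCONFIRMED means the installed build falls between the two versions this advisory names, so it should be updated as well.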

 

□ Reference site

http://www.yes24.com

 

□ Acknowledgements

 o Thanks to Eunsol Lee for reporting this vulnerability.