본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory
CVE-2019-12811, CVE-2019-12812 | ActiveSoft MyBuilder Multiple Vulnerabilities2019.10.07
□ Overview

 o ActiveSoft released security update to address multiple vulnerabilities in MyBuilder.

Vulnerability Type

Impact

Severity

CVE ID
command injection Code Execution

High

CVE-2019-12811
command injection Code execution High CVE-2019-12812

 

□ Description

 o ActiveX Control(MBV32U.ocx) in MyBuilder allow an attacker to execute arbitrary command via the ShellOpen method.
   This can be leveraged for code execution.(CVE-2019-12811)
 o MyBuilder viewer allow an attacker to execute arbitrary command via specifically crafted configuration file.
   This can be leveraged for code execution.(CVE-2019-12812)

 

□ Affected Product

Product

Version

PlatForm
MyBuilder

prior to 6.2.2019.814

Windows


□ Solution

 o Update software over MyBuilder 6.2.2019.814

 

□ Reference site

http://activesoft.co.kr/news.html

 

□ Acknowledgements

 o Thanks to Jeongun Baek for reporting this vulerabilities.