□ Overview
o ActiveSoft released security update to address multiple vulnerabilities in MyBuilder.
Vulnerability Type
|
Impact
|
Severity
|
CVE ID
|
command injection |
Code Execution |
High
|
CVE-2019-12811
|
command injection |
Code execution |
High |
CVE-2019-12812 |
□ Description
o ActiveX Control(MBV32U.ocx) in MyBuilder allow an attacker to execute arbitrary command via the ShellOpen method.
This can be leveraged for code execution.(CVE-2019-12811)
o MyBuilder viewer allow an attacker to execute arbitrary command via specifically crafted configuration file.
This can be leveraged for code execution.(CVE-2019-12812)
□ Affected Product
Product
|
Version
|
PlatForm
|
MyBuilder
|
prior to 6.2.2019.814
|
Windows
|
□ Solution
o Update software over MyBuilder 6.2.2019.814
□ Reference site
http://activesoft.co.kr/news.html
□ Acknowledgements
o Thanks to Jeongun Baek for reporting this vulerabilities. |