□ Overview
o RAONwiz Co,Ltd released security update to address arbitrary file execution vulnerability in Dext5 Upload
ActiveX Control.
| Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| Arbitrary File Execution |
Code Execution |
High |
7.8 |
CVE-2019-19164 |
□ Description
o dext5.ocx ActiveX Control in Dext5 Upload contains a vulnerability that could allow remote files to be executed
by setting the arguments to the activex method. (CVE-2019-19164)
o A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code
infection.
□ Affected Product
| Product |
Version |
PlatForm |
| dext.ocx ActiveX Control in Dext5 Upload |
5.0.0.112 and prior |
Windows |
□ Solution
o Update software over dext5.ocx ActiveX Control 5.0.0.113 version or higher.
□ Reference
[1] http://www.dext5.com/page/support/notice_view.aspx?pSeq=23
□ Acknowledgements
o Thanks to Donghyun Yu for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |
