본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2019-19164 | Dext5 Upload ActiveX Arbitrary File Execution Vulnerability2020.04.28
□ Overview
 o RAONwiz Co,Ltd released security update to address arbitrary file execution vulnerability in Dext5 Upload
    ActiveX Control.
Vulnerability Type Impact Severity CVSS Score CVE ID
Arbitrary File Execution Code Execution High 7.8 CVE-2019-19164

□ Description
 o dext5.ocx ActiveX Control in Dext5 Upload contains a vulnerability that could allow remote files to be executed
    by setting the arguments to the activex method. (CVE-2019-19164)
 o A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code
    infection.

□ Affected Product
Product Version PlatForm
dext.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and prior Windows

□ Solution
 o Update software over dext5.ocx ActiveX Control 5.0.0.113 version or higher.

□ Reference
 [1] http://www.dext5.com/page/support/notice_view.aspx?pSeq=23

□ Acknowledgements
 o Thanks to Donghyun Yu for reporting this vulnerability.
 


□ 작성 : 침해사고분석단 취약점분석팀