□ Overview
o IMGTech Co,Ltd released security update to address file download vulnerability in Zoneplayer ActiveX Control.
| Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| File Download |
Code Execution |
High |
7.8 |
CVE-2020-7803 |
□ Description
o ZInsX.ocx ActiveX Control in Zoneplayer contains a vulnerability that could allow remote files to be downloaded
and executed by setting the arguments to the activex method. (CVE-2020-7803)
o A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code
infection.
□ Affected Product
| Product |
Version |
PlatForm |
| ZInsX.ocx ActiveX Control in Zoneplayer |
2.0.1.3 and prior |
Windows |
□ Solution
o Update software over ZInsX.ocx ActiveX Control 2.0.1.4 version or higher.
□ Reference
[1] http://www.zoneplayer.co.kr/
□ Acknowledgements
o Thanks to Donghyun Yu for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |