본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2020-7803 | Zoneplayer ActiveX File Download Vulnerability2020.04.28
□ Overview
 o IMGTech Co,Ltd released security update to address file download vulnerability in Zoneplayer ActiveX Control.
Vulnerability Type Impact Severity CVSS Score CVE ID
File Download Code Execution High 7.8 CVE-2020-7803

□ Description
 o ZInsX.ocx ActiveX Control in Zoneplayer contains a vulnerability that could allow remote files to be downloaded
    and executed by setting the arguments to the activex method. (CVE-2020-7803)
 o A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code
     infection.

□ Affected Product
Product Version PlatForm
ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3 and prior Windows

□ Solution
 o Update software over ZInsX.ocx ActiveX Control 2.0.1.4 version or higher.

​□ Reference
 [1] http://www.zoneplayer.co.kr/

□ Acknowledgements
 o Thanks to Donghyun Yu for reporting this vulnerability.


□ 작성 : 침해사고분석단 취약점분석팀