본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2019-19165 | A File Download Vulnerability of Inogard Co,,LTD ActiveX control.2020.04.29
□ Overview
 o A Command Injection Vulneravility of HandySoft Groupware ActiveX exists.
Vulnerability type Impact Severity CVSS Score CVE ID
File Download Code Execution High 7.2 CVE-2019-19165

□ Description
 o AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method.

□ Affected Products
 
Product Version Platform
Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) under 1.0.5.0 windows 7/8/10

□ Solution
 o Update software over 1.0.5.1 version or over then it.

□  Reference
 o http://www.ebiz4u.co.kr/home.do

□ Acknowledgement 
 o Thanks to Donghyeon Yoo for this vulnerability report.


□ 작성 : 침해사고분석단 취약점분석팀