본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory
CVE-2019-19166 | Tobesoft XPlatform Arbitrary File Execution Vulnerability2020.04.29
□ Overview
 o A vulnerability in the Tobesoft XPLATFORM could allow remote attacker to cause arbitrary code execution.
 o A vulnerability is caused by improper verification of signed DLLs when Xplatform load DLLs.
Vulerability Type Impact Severity CVSS Score CVE ID
Arbitrary File Execution Code execution High 7.8 CVE-2019-19166
 
□ Description
 o Xplatform can load unauthorized DLL files, enabling arbitrary code execution(CVE-2019-19166)

□ Affected Products
Product Version PlatForm
XPLATFORM 9.1
9.2.0
9.2.1
9.2.2		 Window OS
 
□ Solution
 o Update software over 9.2.2.260 version
 
□ Reference site
 o http://support.tobesoft.co.kr/Support/index.html

□ Acknowledgements
 o Thanks to Jeongun Baek for reporting this vulerability
 


□ 작성 : 침해사고분석단 취약점분석팀