□ Overview
o A vulnerability in the Tobesoft XPLATFORM could allow remote attacker to cause arbitrary code execution.
o A vulnerability is caused by improper verification of signed DLLs when Xplatform load DLLs.
| Vulerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| Arbitrary File Execution |
Code execution |
High |
7.8 |
CVE-2019-19166 |
□ Description
o Xplatform can load unauthorized DLL files, enabling arbitrary code execution(CVE-2019-19166)
□ Affected Products
| Product |
Version |
PlatForm |
| XPLATFORM |
9.1
9.2.0
9.2.1
9.2.2 |
Window OS |
□ Solution
o Update software over 9.2.2.260 version
□ Reference site
o http://support.tobesoft.co.kr/Support/index.html
□ Acknowledgements
o Thanks to Jeongun Baek for reporting this vulerability
□ 작성 : 침해사고분석단 취약점분석팀 |