□ Overview
o A vulnerability in the Tobesoft NEXACRO14 ActiveX could allow remote attacker to cause arbitrary code execution.
o A vulnerability is due to lack of proper input validation of the code execution.
| Vulerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| File Download |
Code execution |
High |
7.8 |
CVE-2019-19167 |
□ Description
o Arbitrary code can be executed using method supported by NEXACRO14 ActvieX control. (CVE-2019-19167)
□ Affected Products
| Product |
Version |
PlatForm |
| NEXACRO14 |
2019.9.25.1 and prior |
Window OS |
□ Solution
o Update software over 14.0.1.3400 version
□ Reference site
o http://support.tobesoft.co.kr/Support/index.html
□ Acknowledgements
o Thanks to Jeongun Baek for reporting this vulerability
□ 작성 : 침해사고분석단 취약점분석팀 |