본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2019-19167 | Tobesoft Nexacro14 ActiveX File Download Vulnerability2020.04.29
□ Overview
 o A vulnerability in the Tobesoft NEXACRO14 ActiveX could allow remote attacker to cause arbitrary code execution.
 o A vulnerability is due to lack of proper input validation of the code execution.
Vulerability Type Impact Severity CVSS Score CVE ID
File Download Code execution High 7.8 CVE-2019-19167
 
□ Description
 o Arbitrary code can be executed using method supported by NEXACRO14 ActvieX control. (CVE-2019-19167)

□ Affected Products
Product Version PlatForm
NEXACRO14 2019.9.25.1 and prior Window OS
 
□ Solution
 o Update software over 14.0.1.3400 version
 
□ Reference site
 o http://support.tobesoft.co.kr/Support/index.html

□ Acknowledgements
 o Thanks to Jeongun Baek for reporting this vulerability
 


□ 작성 : 침해사고분석단 취약점분석팀