o A vulnerability in the Tobesoft NEXACRO14 ActiveX could allow remote attacker to cause arbitrary code execution.
o A vulnerability is due to lack of proper input validation of the code execution.
o Arbitrary code can be executed using method supported by NEXACRO14 ActvieX control. (CVE-2019-19167)
□ Affected Products
2019.9.25.1 and prior
o Update software over 22.214.171.12400 version
□ Reference site
o Thanks to Jeongun Baek for reporting this vulerability