본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2020-7806 | Tobesoft Xplatform ActiveX File Download Vulnerability2020.04.29
□ Overview
 o A vulnerability in the Tobesoft XPlatform ActiveX could allow remote attacker to cause arbitrary code execution.
 o A vulnerability is due to lack of proper input validation of the code execution.
Vulerability Type Impact Severity CVSS Score CVE ID
File Download Code execution High 7.8 CVE-2020-7806
 
□ Description
 o Arbitrary code can be executed using method supported by XPlatform ActvieX control. (CVE-2020-7806)

□ Affected Products
Product Version PlatForm
Xplatform 9.2.2.250 and prior Window OS
 
□ Solution
 o Update software over 9.2.2.260 version
 
□ Reference site
 o http://support.tobesoft.co.kr/Support/index.html

□ Acknowledgements
 o Thanks to Jeongun Baek for reporting this vulerability
 


□ 작성 : 침해사고분석단 취약점분석팀