본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2020-7804 | A Command Injection Vulneravility of HandySoft Groupware ActiveX2020.04.29
□ Overview
 
o A Command Injection Vulneravility of HandySoft Groupware ActiveX exists.
 
 
Vulnerability type Impact Severity CVSS Score CVE ID
Command Injection Code Execution Medium 6.4 CVE-2020-7804
 
□ Description
 
o ActiveX Control(HShell.dll) in Handysoft Groupware allows an attacker to execute arbitary command via the ShellExec method.
 
□ Affected Products
 
 
Product Version Platform
HandySoft Groupware(HShell.dll) v1.7.3.1 windows 7/8/10
 
□ Solution
 
o Update software over 1.7.4.4 version
 
□ Acknowledgement
 
o Thanks to Eunsol Lee for this vulnerability report.
 



□ 작성 : 침해사고분석단 취약점분석팀