본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2019-19162 | TOBESOFT XPLATFORM Use After Free vulnerability2020.05.11

□ Overview

 o TOBESOFT Co,Ltd released security update to address use after free vulnerability in XPLATFORM Application.

Vulnerability Type

Impact

Severity

CVSS Score

CVE ID

Use After Free

Code Execution

High

7.8

CVE-2019-19162

 

□ Description

 o XbasicLib922.dll in Xplatform has an uninitialized pointer leading to an invalid call to free, which can cause a arbitrary code execution. (CVE-2019-19162)

 

□ Affected Product

Product

Version

PlatForm

XPLATFORM

9.1 ~ 9.2.2

Windows OS

 

□ Solution

 o Update to patched release version(9.2.2)

 

□ Reference site

 o http://support.tobesoft.co.kr/Support/index.html

 

□ Acknowledgements

 o Thanks to Jeongun Baek for reporting this vulerability




□ 작성 : 침해사고분석단 취약점분석팀