□ Overview
o Kaoni Co., Ltd. released a security update to address file download and execution vulnerabilities in ezHTTPTrans.
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
|---|---|---|---|---|
| File Download | Code execution | High | 7.8 | CVE-2020-7812 |
| File Download & Execution | Code execution | High | 7.8 | CVE-2020-7813 |
□ Description
o The Ezhttptrans.ocx ActiveX control in Kaoni ezHTTPTrans contains a vulnerability that could allow a remote attacker to download an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution by rebooting the victim’s PC. (CVE-2020-7812)
o The Ezhttptrans.ocx ActiveX control in Kaoni ezHTTPTrans contains a vulnerability that could allow a remote attacker to download and execute an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution. (CVE-2020-7813)
□ Affected Products
| Product | Version | Platform |
|---|---|---|
| ezHTTPTrans (ezhttptrans.ocx) | 1.0.0.70 and prior | Windows OS |
□ Solution
o Update the software to a version over 1.0.0.90
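
One way to check a Windows host against the affected and fixed versions listed above (an added example, not from Kaoni or the original advisory). It assumes the control is registered as a COM in-process server under the usual CLSID keys; the function name Get-EzHttpTransStatus is hypothetical, and versions the advisory does not classify, including exactly 1.0.0.90, are reported as needing an update.

```powershell
# Added example: find registered copies of ezhttptrans.ocx and classify them by file version.
# Thresholds are taken from the advisory; the registry search is an assumption about
# how the control is installed.
$affectedMax = [version]'1.0.0.70'   # "1.0.0.70 and prior"
$fixedOver   = [version]'1.0.0.90'   # "over 1.0.0.90"

function Get-EzHttpTransStatus {     # hypothetical helper name
    param([version]$Version)
    if ($Version -le $affectedMax) { return 'AFFECTED' }
    if ($Version -gt $fixedOver)   { return 'UPDATED' }
    return 'UPDATE RECOMMENDED'      # between the thresholds, or exactly 1.0.0.90
}

# COM in-process servers are registered under CLSID\{guid}\InprocServer32.
# WOW6432Node covers 32-bit controls on 64-bit Windows; HKCU covers per-user installs.
$roots = 'HKLM:\SOFTWARE\Classes\CLSID',
         'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
         'HKCU:\SOFTWARE\Classes\CLSID'

$paths = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $sub = $_.OpenSubKey('InprocServer32')
        if ($sub) {
            $value = [string]$sub.GetValue('')   # default value = path to the server file
            $sub.Close()
            if ($value -match '(?i)ezhttptrans\.ocx') { $value.Trim('"') }
        }
    }
}

$paths | Sort-Object -Unique | ForEach-Object {
    if (Test-Path -LiteralPath $_) {
        $info = (Get-Item -LiteralPath $_).VersionInfo
        $ver  = [version]('{0}.{1}.{2}.{3}' -f $info.FileMajorPart, $info.FileMinorPart,
                                               $info.FileBuildPart, $info.FilePrivatePart)
        [pscustomobject]@{ Path = $_; Version = $ver; Status = Get-EzHttpTransStatus $ver }
    } else {
        [pscustomobject]@{ Path = $_; Version = $null; Status = 'REGISTERED, FILE MISSING' }
    }
}
```

No output means no registration of the control was found under the searched keys.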
□ Reference site
o http://www.kaoni.com/
□ Acknowledgements
o Thanks to Eunsol Lee for this vulnerability report
□ Written by: Incident Analysis Division, Vulnerability Analysis Team