Security Advisory

Security Advisory Detail
CVE-2020-7812, CVE-2020-7813 | Kaoni ezHTTPTrans Active-X File Download and Execution vulnerability
2020.05.21
□ Overview
 o Kaoni Co., Ltd. released a security update to address File Download and Execution vulnerabilities in ezHTTPTrans.
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
File Download | Code execution | High | 7.8 | CVE-2020-7812
File Download & Execution | Code execution | High | 7.8 | CVE-2020-7813
 
□ Description
 o The Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans contains a vulnerability that could allow a remote attacker to download an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution by rebooting the victim’s PC. (CVE-2020-7812)
 o The Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans contains a vulnerability that could allow a remote attacker to download and execute an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution. (CVE-2020-7813)

□ Affected Products
Product | Version | Platform
ezHTTPTrans (ezhttptrans.ocx) | 1.0.0.70 and prior | Windows OS
 
□ Solution
 o Update the software to a version over 1.0.0.90
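
An added check for the Affected Products and Solution items above (not code from Kaoni or from this advisory): it looks for ezhttptrans.ocx among the registered COM in-process servers on a Windows host and compares its file version with the versions listed. It assumes the file-version resource of the OCX follows the advisory's version numbering; the function name and status labels are illustrative.

```powershell
# Added example: inventory check for ezhttptrans.ocx on one Windows host.
# Assumption: the OCX file-version resource matches the advisory's numbering.
$affectedMax = [version]'1.0.0.70'   # advisory: 1.0.0.70 and prior are affected
$fixLevel    = [version]'1.0.0.90'   # advisory: update over 1.0.0.90

# COM registration roots: 64-bit and 32-bit machine views, plus per-user.
$roots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Get-EzHttpTransStatus {     # hypothetical helper name
    param([version]$Version)
    if ($Version -le $affectedMax) { return 'AFFECTED' }
    if ($Version -lt $fixLevel)    { return 'BELOW_FIX_LEVEL' }
    return 'AT_OR_ABOVE_FIX_LEVEL'
}

$found = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($clsid in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $key = $clsid.OpenSubKey('InprocServer32')
        if ($null -eq $key) { continue }
        $path = [string]$key.GetValue('')   # default value = path of the control
        $key.Close()
        if ($path -notmatch 'ezhttptrans\.ocx') { continue }
        $path = [Environment]::ExpandEnvironmentVariables($path.Trim('"'))
        $row = [ordered]@{ Clsid = $clsid.PSChildName; Path = $path
                           Version = $null; Status = 'FILE_MISSING' }
        if (Test-Path -LiteralPath $path) {
            $vi = (Get-Item -LiteralPath $path).VersionInfo
            $row.Version = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart,
                $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
            $row.Status = Get-EzHttpTransStatus -Version $row.Version
        }
        [pscustomobject]$row
    }
}

if ($found) { $found | Sort-Object Path, Clsid -Unique | Format-Table -AutoSize }
else        { 'No registered ezhttptrans.ocx found.' }
```

A `FILE_MISSING` row means a registration still points at a path where the control no longer exists.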

□ Reference site
 o http://www.kaoni.com/
 
□ Acknowledgements
 o Thanks to Eunsol Lee for this vulnerability report


□ Written by: Vulnerability Analysis Team, Incident Analysis Division