
Security Advisory

Security Advisory Detail
CVE-2020-7826 | EyeSurfer arbitrary file download and execution vulnerability
2020.07.15
□ Overview
o Bflysoft Co., Ltd. released a security update to address a file download and execution vulnerability in the EyeSurfer ActiveX control.
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
File download | Arbitrary Code Execution | High | 8.8 | CVE-2020-7826
 
□ Description
o EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, it fails to properly check the parameters that are passed to it. (CVE-2020-7826)
 
□ Affected Product
Product | Version | Platform
EyeSurfer BflyInstallerX.ocx | 1.0.0.16 and prior | Windows
 
□ Solution
o Update EyeSurfer BflyInstallerX.ocx to a version higher than 1.0.0.16.
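
To check a Windows host against the affected version above, the following added PowerShell example (not code from Bflysoft or from the advisory's authors) looks up registered copies of BflyInstallerX.ocx and compares their file version with 1.0.0.16. It assumes the control is registered as an in-process COM server under the usual CLSID registry keys and that the version cited in the advisory is the file version resource; the function name is hypothetical.

```powershell
# Added example: find registered copies of the control named in the advisory
# and flag those at or below the last affected version.
$OcxName      = 'BflyInstallerX.ocx'   # file name from the advisory
$LastAffected = [version]'1.0.0.16'    # advisory: "1.0.0.16 and prior"

# Assumption: the control is registered as an in-process COM server, so its
# path is the default value of CLSID\{...}\InprocServer32 in one of these hives.
$ClsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Find-BflyInstallerX {   # hypothetical helper name
    foreach ($root in $ClsidRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($clsid in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $sub = $clsid.OpenSubKey('InprocServer32')
            if ($null -eq $sub) { continue }
            $path = ([string]$sub.GetValue('')).Trim('"')
            $sub.Close()
            if ($path -notlike "*\$OcxName") { continue }

            # Assumption: the advisory's version number is the file version resource.
            $version = $null
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $fvi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
                $version = [version]('{0}.{1}.{2}.{3}' -f $fvi.FileMajorPart,
                    $fvi.FileMinorPart, $fvi.FileBuildPart, $fvi.FilePrivatePart)
            }
            [pscustomobject]@{
                Clsid       = $clsid.PSChildName
                Path        = $path
                FileVersion = $version
                # $null version = registered but file missing: review manually
                Affected    = if ($version) { $version -le $LastAffected } else { $null }
            }
        }
    }
}

Find-BflyInstallerX | Format-Table -AutoSize
```

No output means no registration of the file name was found in the hives searched; it does not cover unregistered copies left on disk.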

□ Reference
o http://eyesurfer.com/Customer/sub06_01.php?sort_num=3#move_page
 
□ Acknowledgements
o Thanks to Jeongun Baek for reporting this vulnerability.
 


□ Written by: Incident Analysis Division, Vulnerability Analysis Team
Keyword: EyeSurfer