본문내용 바로가기 메인메뉴 바로가기 하단내용 바로가기

Security Advisory

Security Advisory Detail
CVE-2020-7817 | ACtiveSoft CO., LTD. MybrowserPlus, Arbitrary file download vulnerability2020.08.06
□ Overview
o A vulnerability has been discovered in ActiveSoft's MyBrowserPlus that can download arbitrary files.
Vulnerability type Impact Severity CVSS Score CVE ID
Missing support for integrity check Dll Injection MEDIUM 5.5 CVE-2020-7817
Arguments Modification
 
□ Description
o MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files.
 
□ Affected Products
Product Version Platform
RAONWIZ K Upload v6.2.2018.529 and prior windows 7/8/10
 
□ Solution
o Update software over 6.2.2020.211 version or over then it.
 
□ Acknowledgement
o Thanks to Jeongun Baek for this vulnerability report.
 



□ 작성 : 침해사고분석단 취약점분석팀