□ Overview
o Handysoft, Inc. released security update to address file download and execution vulnerability in Groupware ActiveX Control.
Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
File Donwload and Execution |
Code Execution |
High |
8.8 |
CVE-2020-7810 |
□ Description
o hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. (CVE-2020-7810)
o A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.
□ Affected Product
Product |
Version |
Platform |
hslogin2.dll |
6.7.8.4 and prior
7.3.4 and prior |
Windows |
□ Solution
o Update software over hslogin2.dll ActiveX Control 6.7.8.9002 / 7.3.4.1 version or higher.
□ Reference
[1] http://www.handysoft.co.kr/en/
□ Acknowledgements
o Thanks to Eunsol Lee for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀 |