o TOBESOFT released security update to address arbitrary .hta file execution vulnerability in XPLATFORM.
(Business UI/UX development platform)
|Improper input validation
||Arbitrary .hta file execution
o Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file
execution when the command string is begun with http://, https://, mailto://. (CVE-2020-7841)
□ Affected Product
||previous version of 22.214.171.124(2019-08-27)
o Update programs over XPLATFORM 126.96.36.199 version or higher.
o Thanks to Jeongun Baek for reporting this vulnerability.
□ 작성 : 침해사고분석단 취약점분석팀