
Security Advisory

CVE-2020-7841 | TOBESOFT XPLATFORM Arbitrary hta file execution vulnerability
2020.11.13
□ Overview
 o TOBESOFT released a security update to address an arbitrary .hta file execution vulnerability in XPLATFORM
    (a business UI/UX development platform).

Vulnerability Type | Impact | Severity | CVSS | CVE ID
Improper input validation | Arbitrary .hta file execution | High | 8.8 | CVE-2020-7841
 
□ Description
 o An improper input validation vulnerability exists in TOBESOFT XPLATFORM that could cause arbitrary .hta file
execution when the command string begins with http://, https://, or mailto://. (CVE-2020-7841)

□ Affected Product
Product | Version | Platform
TOBESOFT XPLATFORM (XPlatformLib922.dll) | Versions prior to 9.2.2.250 (2019-08-27), including 9.2.2.250 | Windows OS
 
□ Solution
 o Update XPLATFORM to a version higher than 9.2.2.250.

□ Acknowledgement
 o Thanks to Jeongun Baek for reporting this vulnerability.


□ Written by: Intrusion Incident Analysis Group, Vulnerability Analysis Team