본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7838 | Smilegate STOVE Arbitrary Code Execution Vulnerability2020.12.17
□ Overview
 o Smilegate released security update to address arbitrary code execution vulnerability in STOVE Client.
Vulnerability Type Impact Severity CVSS Score CVE ID
Improper Input Validation Code execution High 8.8 CVE-2020-7838
 
□ Description
 o A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page.

□ Affected Product
Product Version Platform
STOVE 0.0.4.10 ~ 0.0.4.71 Windows
 
□ Solution
 o Update software over Stove Client 0.0.4.72 version
 
□ Reference site
[1] https://www.onstove.com/download
 
□ Acknowledgements
 o Thanks to Hangjun Ko for reporting this vulnerability
 



□ 작성 : 침해사고분석단 취약점분석팀