□ Overview
o Smilegate released security update to address arbitrary code execution vulnerability in STOVE Client.
| Vulnerability Type |
Impact |
Severity |
CVSS Score |
CVE ID |
| Improper Input Validation |
Code execution |
High |
8.8 |
CVE-2020-7838 |
□ Description
o A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page.
□ Affected Product
| Product |
Version |
Platform |
| STOVE |
0.0.4.10 ~ 0.0.4.71 |
Windows |
□ Solution
o Update software over Stove Client 0.0.4.72 version
□ Reference site
[1] https://www.onstove.com/download
□ Acknowledgements
o Thanks to Hangjun Ko for reporting this vulnerability
□ 작성 : 침해사고분석단 취약점분석팀 |
