본문내용 바로가기 메인메뉴 바로가기 푸터 바로가기

Security Advisory

CVE-2020-7850 | Douzone ActiveX File Download and Execution Vulnerability2021.03.29
□ Overview
 o DOUZONE ICT GROUP. released security update to address file download and execution vulnerability in Groupware ActiveX Control.
Vulnerability Type Impact Severity CVSS Score CVE ID
File Download and Execution Code Execution High 7.8 CVE-2020-7850

□ Description
 o NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. (CVE-2020-7850)
 o A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection.

□ Affected Product
Product Version Platform
NBBDownloader.ocx 1.0.0.12 and prior Windows

□ Solution
 o Update software over NBBDownloader.ocx ActiveX Control 1.0.0.13 version or higher.

□ Reference
 [1] http://help.neobizbox.com/


□ 작성 : 침해사고분석단 취약점분석팀