□ Overview
o Mastersoft Co., Ltd. released a security update to address a buffer overflow vulnerability in the ZOOK solution (remote administration tool).
Vulnerability
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
Buffer Overflow | Command Execution | High | 8.0 | CVE-2020-7877
□ Description
o A buffer overflow issue was discovered in the ZOOK solution (remote administration tool) when processing the 'ConnectMe' command: a crafted OUTERIP value is parsed without a boundary check. (CVE-2020-7877)
o This vulnerability allows an attacker to execute arbitrary commands.
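An added example, not code from Mastersoft or from this advisory: the kind of boundary check whose absence is described above, as a C routine that copies a length-delimited OUTERIP value into a fixed-size buffer. It assumes the value is a dotted-quad IPv4 address in text form; the function names and the 15-byte limit are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define OUTERIP_MAX 15  /* assumption: dotted quad, longest "255.255.255.255" */

/* Return 1 if s[0..len) is a dotted-quad IPv4 address, else 0. */
static int is_ipv4(const char *s, size_t len)
{
    int octets = 0, digits = 0, value = 0;

    for (size_t i = 0; i <= len; i++) {
        if (i < len && s[i] >= '0' && s[i] <= '9') {
            value = value * 10 + (s[i] - '0');
            if (++digits > 3 || value > 255)
                return 0;
        } else if (i == len || s[i] == '.') {
            if (digits == 0)
                return 0;          /* empty octet, e.g. "1..2.3" */
            octets++;
            digits = 0;
            value = 0;
        } else {
            return 0;              /* any other byte, including NUL */
        }
    }
    return octets == 4;
}

/*
 * Copy an OUTERIP value received from the peer into a fixed-size buffer.
 * value is NOT assumed to be NUL-terminated; value_len comes from the message.
 * Returns 0 on success, -1 if rejected. dst is always left NUL-terminated.
 */
int parse_outerip(const char *value, size_t value_len, char *dst, size_t dst_cap)
{
    if (dst == NULL || dst_cap == 0)
        return -1;
    dst[0] = '\0';
    if (value == NULL)
        return -1;
    /* The boundary check: refuse before copying, never truncate silently. */
    if (value_len > OUTERIP_MAX || value_len >= dst_cap)
        return -1;
    if (!is_ipv4(value, value_len))
        return -1;
    memcpy(dst, value, value_len);
    dst[value_len] = '\0';
    return 0;
}
```

Rejecting an over-long value outright, rather than truncating it, keeps a malformed ConnectMe message from being processed further with a partial address.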
□ Affected Product
Affected Product
Product | Version | Platform
ZOOKViewer_Setup.exe | 2.0.4.6 | Windows
ZOOKAgentSetup.exe | 2.0.6.1 | Windows
□ Solution
o Update to ZOOKViewer_Setup.exe version 2.0.8.3 or higher and ZOOKAgentSetup.exe version 2.1.0.1 or higher.
□ Reference
[1] https://zook.co.kr/downloads.html
□ Etc
o Thanks to Jeongun Baek for reporting this vulnerability.
□ Written by: Incident Analysis Division, Vulnerability Analysis Team